[PATCH] 95 Fixes for comments for patches 92-2, 93, 94(CertClient and ProfileClient python implementations)
3:03 p.m.
Please review the patch which addresses the review comments given by Ade
and Fraser for patches 92-2, 93, 94.
92-2 has been checked in already. 94 has been rebased to fix conflicts
with Ade's checkins. I removed the changes to account.py and client.py
form 94 to fix the conflicts.
So update the master and apply patches 93, 94, 95.
Following are the review comments addressed in this patch -
** No. 4 in the list is not included in this patch. It will be done in a
separate patch.
1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
instead of ``inputs``/``outputs`` when processing
json_value['Input'] or json_value['Output'] lists.
2) Could you please make ProfileDataInfoCollection an iterable? It
doesn't make sense to be to have to access the ``profile_data_list``
attribute just to iterate the ProfileDataInfo objects.
3) Could you please add a ``repr`` method to ProfileData that
includes at least the profile_id? Maybe summary information about
whether it is visible/active as well, but I think just the ID should
be fine. Same goes for other classes that show up in lists, please.
4) I'm a little concerned about having the properties set/get
top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
Following this pattern where you wish to use the same name as in the
JSON would result in infinite loop; indeed you do treat some keys
different to avoid this, e.g. ``description``. This inconsistency
makes me wonder if there's a better pattern.
My suggestion would be to stash the JSON dict in a top-level
attribute (the constructor would have to initialise it to an empty
dict before other attributes are assigned) and then have the
properties set/get items in that dict.
You could further cut down boilerplate and duplication by definite a
descriptor for this purpose, e.g.:
class JSONProperty(object):
def __init__(self, attr):
self.attr
def __get__(self, instance, owner)
return obj.json_value[self.attr]
def __set__(self, instance, value)
obj.json_value[self.attr] = value
Then, most of the assignments in ``from_json`` go away , and
the corresponding property declarations follow the new pattern:
enabled_by = JSONProperty('enabledBy')
You would still need to treat Input, Output and PolicySets
differently, but you could also abstract over this pattern with yet
another class, i.e. a "JSON list property".
Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
*** Will fix this in a separate patch.
5. Here you could iterate the (key, value) pairs to save keystrokes and
a bit of CPU doing ``cert_search_params[param]`` in all those places
below. e.g.:
for param, value in cert_search_params.viewitems():
...
``dict.viewitems()`` returns a *dictview* iterator-like object that
avoids creating an intermediate list as ``dict.items()`` would.
6. Here and in a few other places below it might improve readability to
test for set membership, e.g.:
if param in {
'email', 'common_name', 'user'_id',
'org_unit',
'org', ...
}:
7. pycharm appears to be set to 120 columns width by default. We need
to set to 80 and reformat accordingly. Please check in a pycharm
settings file. All new code should follow PEP8.
8. In CertRevokeRequest, a number of constants are defined for possible
reason settings. You should group those, and test for invalid reasons.
9. Do we use CertID anywhere? --- Removed CertID
10. list_entrollment_templates has a print r statement in it. Is that
supposed to be there?
11. get_enrollment_template should check for None for the profileID.
12. CertRequestInfoCollection has an element - cert_info_list, should
be
cert_request_info_list
13. ProfileConstraint -- why is id renamed to name? Why not just use
"id"
-- pycharm and pylint throw a warning when using id as an attribute name
-- Abhishek
12:18 a.m.
Still reviewing, but just a couple of quick notes.
1. You need to not track workspace.xml - and most likely add it
to .gitignore. See
http://manski.net/2012/05/which-project-files-under-version-control/#inte...
That said, it appears that Barbican for example, does not in fact check
in their .idea files. You might want to ask them about that.
2. In CertRevoke, you do check to see if the reason provided is a valid
reason, but do this by defining the valid reasons twice - once as a
standalone field, and once in an anonymous list. Better to define all
the reasons in a named list, and check that list.
On Thu, 2014-05-29 at 16:03 -0400, Abhishek Koneru wrote:
Please review the patch which addresses the review comments given by
Ade
and Fraser for patches 92-2, 93, 94.
92-2 has been checked in already. 94 has been rebased to fix conflicts
with Ade's checkins. I removed the changes to account.py and client.py
form 94 to fix the conflicts.
So update the master and apply patches 93, 94, 95.
Following are the review comments addressed in this patch -
** No. 4 in the list is not included in this patch. It will be done in a
separate patch.
1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
instead of ``inputs``/``outputs`` when processing
json_value['Input'] or json_value['Output'] lists.
2) Could you please make ProfileDataInfoCollection an iterable? It
doesn't make sense to be to have to access the ``profile_data_list``
attribute just to iterate the ProfileDataInfo objects.
3) Could you please add a ``repr`` method to ProfileData that
includes at least the profile_id? Maybe summary information about
whether it is visible/active as well, but I think just the ID should
be fine. Same goes for other classes that show up in lists, please.
4) I'm a little concerned about having the properties set/get
top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
Following this pattern where you wish to use the same name as in the
JSON would result in infinite loop; indeed you do treat some keys
different to avoid this, e.g. ``description``. This inconsistency
makes me wonder if there's a better pattern.
My suggestion would be to stash the JSON dict in a top-level
attribute (the constructor would have to initialise it to an empty
dict before other attributes are assigned) and then have the
properties set/get items in that dict.
You could further cut down boilerplate and duplication by definite a
descriptor for this purpose, e.g.:
class JSONProperty(object):
def __init__(self, attr):
self.attr
def __get__(self, instance, owner)
return obj.json_value[self.attr]
def __set__(self, instance, value)
obj.json_value[self.attr] = value
Then, most of the assignments in ``from_json`` go away , and
the corresponding property declarations follow the new pattern:
enabled_by = JSONProperty('enabledBy')
You would still need to treat Input, Output and PolicySets
differently, but you could also abstract over this pattern with yet
another class, i.e. a "JSON list property".
Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
*** Will fix this in a separate patch.
5. Here you could iterate the (key, value) pairs to save keystrokes and
a bit of CPU doing ``cert_search_params[param]`` in all those places
below. e.g.:
for param, value in cert_search_params.viewitems():
...
``dict.viewitems()`` returns a *dictview* iterator-like object that
avoids creating an intermediate list as ``dict.items()`` would.
6. Here and in a few other places below it might improve readability to
test for set membership, e.g.:
if param in {
'email', 'common_name', 'user'_id',
'org_unit',
'org', ...
}:
7. pycharm appears to be set to 120 columns width by default. We need
to set to 80 and reformat accordingly. Please check in a pycharm
settings file. All new code should follow PEP8.
8. In CertRevokeRequest, a number of constants are defined for possible
reason settings. You should group those, and test for invalid reasons.
9. Do we use CertID anywhere? --- Removed CertID
10. list_entrollment_templates has a print r statement in it. Is that
supposed to be there?
11. get_enrollment_template should check for None for the profileID.
12. CertRequestInfoCollection has an element - cert_info_list, should
be
cert_request_info_list
13. ProfileConstraint -- why is id renamed to name? Why not just use
"id"
-- pycharm and pylint throw a warning when using id as an attribute name
-- Abhishek
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
1:38 a.m.
On Thu, May 29, 2014 at 04:03:14PM -0400, Abhishek Koneru wrote:
Please review the patch which addresses the review comments given by
Ade
and Fraser for patches 92-2, 93, 94.
92-2 has been checked in already. 94 has been rebased to fix conflicts
with Ade's checkins. I removed the changes to account.py and client.py
form 94 to fix the conflicts.
So update the master and apply patches 93, 94, 95.
Following are the review comments addressed in this patch -
** No. 4 in the list is not included in this patch. It will be done in a
separate patch.
1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
instead of ``inputs``/``outputs`` when processing
json_value['Input'] or json_value['Output'] lists.
2) Could you please make ProfileDataInfoCollection an iterable? It
doesn't make sense to be to have to access the ``profile_data_list``
attribute just to iterate the ProfileDataInfo objects.
Using generators to implement ``__iter__`` is a fine solution (i.e.
not a show-stopper IMO) but more terse and idiomatic would be::
def __iter__(self):
return iter(self._internal_iterable)
Nothing else stood out to me on eyeballing the new patch but I still
have to test it.
Fraser
3) Could you please add a ``repr`` method to ProfileData that
includes at least the profile_id? Maybe summary information about
whether it is visible/active as well, but I think just the ID should
be fine. Same goes for other classes that show up in lists, please.
4) I'm a little concerned about having the properties set/get
top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
Following this pattern where you wish to use the same name as in the
JSON would result in infinite loop; indeed you do treat some keys
different to avoid this, e.g. ``description``. This inconsistency
makes me wonder if there's a better pattern.
My suggestion would be to stash the JSON dict in a top-level
attribute (the constructor would have to initialise it to an empty
dict before other attributes are assigned) and then have the
properties set/get items in that dict.
You could further cut down boilerplate and duplication by definite a
descriptor for this purpose, e.g.:
class JSONProperty(object):
def __init__(self, attr):
self.attr
def __get__(self, instance, owner)
return obj.json_value[self.attr]
def __set__(self, instance, value)
obj.json_value[self.attr] = value
Then, most of the assignments in ``from_json`` go away , and
the corresponding property declarations follow the new pattern:
enabled_by = JSONProperty('enabledBy')
You would still need to treat Input, Output and PolicySets
differently, but you could also abstract over this pattern with yet
another class, i.e. a "JSON list property".
Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
*** Will fix this in a separate patch.
5. Here you could iterate the (key, value) pairs to save keystrokes and
a bit of CPU doing ``cert_search_params[param]`` in all those places
below. e.g.:
for param, value in cert_search_params.viewitems():
...
``dict.viewitems()`` returns a *dictview* iterator-like object that
avoids creating an intermediate list as ``dict.items()`` would.
6. Here and in a few other places below it might improve readability to
test for set membership, e.g.:
if param in {
'email', 'common_name', 'user'_id',
'org_unit',
'org', ...
}:
7. pycharm appears to be set to 120 columns width by default. We need
to set to 80 and reformat accordingly. Please check in a pycharm
settings file. All new code should follow PEP8.
8. In CertRevokeRequest, a number of constants are defined for possible
reason settings. You should group those, and test for invalid reasons.
9. Do we use CertID anywhere? --- Removed CertID
10. list_entrollment_templates has a print r statement in it. Is that
supposed to be there?
11. get_enrollment_template should check for None for the profileID.
12. CertRequestInfoCollection has an element - cert_info_list, should
be
cert_request_info_list
13. ProfileConstraint -- why is id renamed to name? Why not just use
"id"
-- pycharm and pylint throw a warning when using id as an attribute name
-- Abhishek
>From d3c10a6ff46bfc2f8afea849c2d3a297e47e305d Mon Sep 17 00:00:00
2001
From: Abhishek Koneru <akoneru(a)redhat.com>
Date: Fri, 9 May 2014 10:16:44 -0400
Subject: [PATCH] Added methods in CertClient for CertRequestResource
Adds the methods for fetching the enrollment templates,
creating the enrollment requests, submitting the requests,
performing actions(approve, reject, cancel etc.) on the requests.
Also defined the classes needed for representing data used to
perform the above mentioned operations.
---
base/common/python/pki/cert.py | 694 +++++++++++++++++++++++++++++++++++++-
base/common/python/pki/profile.py | 577 +++++++++++++++++++++++++++++++
2 files changed, 1261 insertions(+), 10 deletions(-)
create mode 100644 base/common/python/pki/profile.py
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index c0141048586c5fdbdf84cd0f1c204009e5cac715..b22307ad1b2c2456257dc9416208e6725234bf9c
100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -4,11 +4,14 @@ Created on Feb 13, 2014
@author: akoneru
"""
+import copy
import json
+import types
+
import pki
import pki.client as client
import pki.encoder as encoder
-import types
+import pki.profile as profile
class CertId(object):
@@ -104,8 +107,8 @@ class CertDataInfo(object):
class CertDataInfoCollection(object):
"""
- Class containing lists of CertDataInfo objects.
- This data is returned when searching/listing certificate records on the CA.
+ Class containing list of CertDataInfo objects and their respective link objects.
+ This data is returned when searching/listing certificate records in the CA.
"""
def __init__(self):
@@ -162,7 +165,7 @@ class CertRequestInfo(object):
cert_request_info.request_id = \
str(cert_request_info.request_url)[(str(cert_request_info.request_url).rfind("/")
+ 1):]
#Optional parameters
- if 'certID' in attr_list:
+ if 'certId' in attr_list:
cert_request_info.cert_id = attr_list['certId']
if 'certURL' in attr_list:
cert_request_info.cert_url = attr_list['certURL']
@@ -174,6 +177,37 @@ class CertRequestInfo(object):
return cert_request_info
+class CertRequestInfoCollection(object):
+ """
+ Class containing list of CertRequestInfo objects.
+ This data is returned when listing certificate request records in the CA.
+ """
+
+ def __init__(self):
+ self.cert_info_list = []
+ self.links = []
+
+ @classmethod
+ def from_json(cls, json_value):
+ """ Populate object from JSON input """
+ ret = cls()
+ cert_req_infos = json_value['entries']
+ if not isinstance(cert_req_infos, types.ListType):
+ ret.cert_info_list.append(CertRequestInfo.from_json(cert_req_infos))
+ else:
+ for cert_info in cert_req_infos:
+ ret.cert_info_list.append(CertRequestInfo.from_json(cert_info))
+
+ links = json_value['Link']
+ if not isinstance(links, types.ListType):
+ ret.links.append(pki.Link.from_json(links))
+ else:
+ for link in links:
+ ret.links.append(pki.Link.from_json(link))
+
+ return ret
+
+
class CertSearchRequest(object):
"""
An object of this class is used to store the search parameters
@@ -285,6 +319,330 @@ class CertRevokeRequest(object):
setattr(self, "Comments", comments)
+class CertEnrollmentRequest(object):
+ """
+ This class encapsulates the parameters required for a certificate enrollment
request.
+ """
+
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
+ inputs=None, outputs=None):
+ """ Constructor """
+ self.profile_id = profile_id
+ self.renewal = renewal
+ self.serial_number = serial_number
+ self.remote_host = remote_host
+ self.remote_address = remote_address
+ if inputs is None:
+ self.inputs = []
+ if outputs is None:
+ self.outputs = []
+
+ @property
+ def profile_id(self):
+ return getattr(self, 'ProfileID', None)
+
+ @profile_id.setter
+ def profile_id(self, value):
+ setattr(self, 'ProfileID', value)
+
+ @property
+ def renewal(self):
+ return getattr(self, 'Renewal', False)
+
+ @renewal.setter
+ def renewal(self, value):
+ setattr(self, 'Renewal', value)
+
+ @property
+ def serial_number(self):
+ return getattr(self, 'SerialNumber', None)
+
+ @serial_number.setter
+ def serial_number(self, value):
+ setattr(self, 'SerialNumber', value)
+
+ @property
+ def remote_host(self):
+ return getattr(self, 'RemoteHost', None)
+
+ @remote_host.setter
+ def remote_host(self, value):
+ setattr(self, 'RemoteHost', value)
+
+ @property
+ def remote_address(self):
+ return getattr(self, 'RemoteAddress', None)
+
+ @remote_address.setter
+ def remote_address(self, value):
+ setattr(self, 'RemoteAddress', value)
+
+ @property
+ def inputs(self):
+ return getattr(self, 'Input')
+
+ @inputs.setter
+ def inputs(self, value):
+ setattr(self, 'Input', value)
+
+ @property
+ def outputs(self):
+ return getattr(self, 'Output')
+
+ @outputs.setter
+ def outputs(self, value):
+ setattr(self, 'Output', value)
+
+ def add_input(self, profile_input):
+ self.inputs.append(profile_input)
+
+ def remove_input(self, profile_input_name):
+ for profile_input in self.inputs:
+ if profile_input_name == profile_input.name:
+ self.inputs.pop(profile_input)
+ break
+
+ def get_input(self, profile_input_name):
+ for profile_input in self.inputs:
+ if profile_input_name == profile_input.name:
+ return profile_input
+
+ return None
+
+ def add_output(self, profile_output):
+ self.outputs.append(profile_output)
+
+ def remove_output(self, profile_output_name):
+ for output in self.outputs:
+ if profile_output_name == output.name:
+ self.outputs.pop(output)
+ break
+
+ def get_output(self, profile_output_name):
+ for output in self.outputs:
+ if profile_output_name == output.name:
+ return output
+
+ return None
+
+ @classmethod
+ def from_json(cls, json_value):
+ enroll_request = cls()
+
+ enroll_request.profile_id = json_value['ProfileID']
+ enroll_request.renewal = json_value['Renewal']
+ if 'SerialNumber' in json_value:
+ enroll_request.serial_number = json_value['SerialNumber']
+ if 'RemoteHost' in json_value:
+ enroll_request.remote_host = json_value['RemoteHost']
+ if 'RemoteAddress' in json_value:
+ enroll_request.remote_address = json_value['RemoteAddress']
+
+ inputs = json_value['Input']
+ if not isinstance(inputs, types.ListType):
+ enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
+ else:
+ for profile_input in inputs:
+
enroll_request.inputs.append(profile.ProfileInput.from_json(profile_input))
+
+ outputs = json_value['Output']
+ if not isinstance(outputs, types.ListType):
+ enroll_request.outputs.append(profile.ProfileOutput.from_json(outputs))
+ else:
+ for profile_output in outputs:
+
enroll_request.outputs.append(profile.ProfileOutput.from_json(profile_output))
+
+ return enroll_request
+
+
+class CertReviewResponse(CertEnrollmentRequest):
+ """
+ An object of this class represent the response from the server when
+ reviewing a certificate enrollment request.
+ It contains a nonce required to perform action on the request.
+ """
+
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
+ inputs=None, outputs=None, nonce=None, request_id=None,
request_type=None, request_status=None,
+ request_owner=None, request_creation_time=None,
request_modification_time=None, request_notes=None,
+ profile_approval_by=None, profile_set_id=None, profile_is_visible=None,
profile_name=None,
+ profile_description=None, profile_remote_host=None,
profile_remote_address=None, policy_sets=None):
+
+ super(CertReviewResponse, self).__init__(profile_id, renewal, serial_number,
remote_host,
+ remote_address, inputs, outputs)
+ self.nonce = nonce
+ self.request_id = request_id
+ self.request_type = request_type
+ self.request_status = request_status
+ self.request_owner = request_owner
+ self.request_creation_time = request_creation_time
+ self.request_modification_time = request_modification_time
+ self.request_notes = request_notes
+ self.profile_approved_by = profile_approval_by
+ self.profile_set_id = profile_set_id
+ self.profile_is_visible = profile_is_visible
+ self.profile_name = profile_name
+ self.profile_description = profile_description
+ self.profile_remote_host = profile_remote_host
+ self.profile_remote_address = profile_remote_address
+
+ if policy_sets is None:
+ self.policy_sets = []
+ else:
+ self.policy_sets = policy_sets
+
+ @property
+ def request_id(self):
+ return getattr(self, 'requestId')
+
+ @request_id.setter
+ def request_id(self, value):
+ setattr(self, 'requestId', value)
+
+ @property
+ def request_type(self):
+ return getattr(self, 'requestType')
+
+ @request_type.setter
+ def request_type(self, value):
+ setattr(self, 'requestType', value)
+
+ @property
+ def request_status(self):
+ return getattr(self, 'requestStatus')
+
+ @request_status.setter
+ def request_status(self, value):
+ setattr(self, 'requestStatus', value)
+
+ @property
+ def request_owner(self):
+ return getattr(self, 'requestOwner')
+
+ @request_owner.setter
+ def request_owner(self, value):
+ setattr(self, 'requestOwner', value)
+
+ @property
+ def request_creation_time(self):
+ return getattr(self, 'requestCreationTime')
+
+ @request_creation_time.setter
+ def request_creation_time(self, value):
+ setattr(self, 'requestCreationTime', value)
+
+ @property
+ def request_modification_time(self):
+ return getattr(self, 'requestModificationTime')
+
+ @request_modification_time.setter
+ def request_modification_time(self, value):
+ setattr(self, 'requestModificationTime', value)
+
+ @property
+ def request_notes(self):
+ return getattr(self, 'requestNotes')
+
+ @request_notes.setter
+ def request_notes(self, value):
+ setattr(self, 'requestNotes', value)
+
+ @property
+ def profile_approved_by(self):
+ return getattr(self, 'profileApprovedBy')
+
+ @profile_approved_by.setter
+ def profile_approved_by(self, value):
+ setattr(self, 'profileApprovedBy', value)
+
+ @property
+ def profile_set_id(self):
+ return getattr(self, 'profileSetId')
+
+ @profile_set_id.setter
+ def profile_set_id(self, value):
+ setattr(self, 'profileSetId', value)
+
+ @property
+ def profile_is_visible(self):
+ return getattr(self, 'profileIsVisible')
+
+ @profile_is_visible.setter
+ def profile_is_visible(self, value):
+ setattr(self, 'profileIsVisible', value)
+
+ @property
+ def profile_name(self):
+ return getattr(self, 'profileName')
+
+ @profile_name.setter
+ def profile_name(self, value):
+ setattr(self, 'profileName', value)
+
+ @property
+ def profile_description(self):
+ return getattr(self, 'profileDescription')
+
+ @profile_description.setter
+ def profile_description(self, value):
+ setattr(self, 'profileDescription', value)
+
+ @property
+ def profile_remote_host(self):
+ return getattr(self, 'profileRemoteHost')
+
+ @profile_remote_host.setter
+ def profile_remote_host(self, value):
+ setattr(self, 'profileRemoteHost', value)
+
+ @property
+ def profile_remote_address(self):
+ return getattr(self, 'profileRemoteAddr')
+
+ @profile_remote_address.setter
+ def profile_remote_address(self, value):
+ setattr(self, 'profileRemoteAddr', value)
+
+ @property
+ def policy_sets(self):
+ return getattr(self, 'ProfilePolicySet')
+
+ @policy_sets.setter
+ def policy_sets(self, value):
+ setattr(self, 'ProfilePolicySet', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+
+ #First read the values for attributes defined in CertEnrollmentRequest
+ review_response = super(CertReviewResponse, cls).from_json(json_value)
+
+ review_response.nonce = json_value['nonce']
+ review_response.request_id = json_value['requestId']
+ review_response.request_type = json_value['requestType']
+ review_response.request_status = json_value['requestStatus']
+ review_response.request_owner = json_value['requestOwner']
+ review_response.request_creation_time =
json_value['requestCreationTime']
+ review_response.request_modification_time =
json_value['requestModificationTime']
+ review_response.request_notes = json_value['requestNotes']
+ review_response.profile_approved_by = json_value['profileApprovedBy']
+ review_response.profile_set_id = json_value['profileSetId']
+ review_response.profile_is_visible = json_value['profileIsVisible']
+ review_response.profile_name = json_value['profileName']
+ review_response.profile_description = json_value['profileDescription']
+ review_response.profile_remote_host = json_value['profileRemoteHost']
+ review_response.profile_remote_address =
json_value['profileRemoteAddr']
+
+ profile_policy_sets = json_value['ProfilePolicySet']
+ if not isinstance(profile_policy_sets, types.ListType):
+
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(profile_policy_sets))
+ else:
+ for policy_set in profile_policy_sets:
+
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(policy_set))
+
+ return review_response
+
+
class CertClient(object):
"""
Class encapsulating and mirroring the functionality in the CertResource Java
interface class
@@ -298,6 +656,8 @@ class CertClient(object):
'Accept': 'application/json'}
self.cert_url = '/rest/certs'
self.agent_cert_url = '/rest/agent/certs'
+ self.cert_requests_url = '/rest/certrequests'
+ self.agent_cert_requests_url = '/rest/agent/certrequests'
self.enrollment_templates = {}
@pki.handle_exceptions()
@@ -399,10 +759,251 @@ class CertClient(object):
r = self.connection.post(url, None, headers=self.headers)
return CertRequestInfo.from_json(r.json())
+ @pki.handle_exceptions()
+ def get_request(self, request_id):
+ """
+ Get information of a certificate request with the given request ID.
+ Returns a CertRequestInfo object.
+ """
+
+ if request_id is None:
+ raise ValueError("Request ID must be specified")
+ url = self.cert_requests_url + '/' + str(request_id)
+ r = self.connection.get(url, headers=self.headers)
+
+ return CertRequestInfo.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def list_requests(self, request_status=None, request_type=None,
from_request_id=None, size=None,
+ max_results=None, max_time=None):
+ """
+ Query for a list of certificates using the arguments passed.
+ Returns a CertRequestInfoCollection object.
+ """
+
+ query_params = {
+ 'requestStatus': request_status,
+ 'requestType': request_type,
+ 'start': from_request_id,
+ 'pageSize': size,
+ 'maxResults': max_results,
+ 'maxTime': max_time
+ }
+ r = self.connection.get(self.agent_cert_requests_url, self.headers,
query_params)
+ return CertRequestInfoCollection.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def review_request(self, request_id):
+ """
+ Reviews a certificate enrollment request.
+ Returns a CertReviewResponse object which contains the nonce
+ from the server needed to perform an action on the request.
+ """
+ if request_id is None:
+ raise ValueError("Request Id must be specified.")
+
+ url = self.agent_cert_requests_url + '/' + str(request_id)
+ r = self.connection.get(url, headers=self.headers)
+ return CertReviewResponse.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def _perform_action(self, request_id, cert_review_response, action):
+ """
+ An internal method used by all the action methods to perform
+ an action on a certificate request.
+ The parameter cert_review_response
+ """
+ if request_id is None:
+ raise ValueError("Request Id must be specified.")
+ if cert_review_response is None:
+ cert_review_response = self.review_request(request_id)
+
+ url = self.agent_cert_requests_url + '/' + request_id + '/' +
action
+ review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder, sort_keys=True)
+ r = self.connection.post(url, review_response, headers=self.headers)
+ return r
+
+ def approve_request(self, request_id, cert_review_response=None):
+ """
+ Approves a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response,
'approve')
+
+ def cancel_request(self, request_id, cert_review_response=None):
+ """
+ Cancels a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response, 'cancel')
+
+ def reject_request(self, request_id, cert_review_response=None):
+ """
+ Rejects a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response, 'reject')
+
+ def validate_request(self, request_id, cert_review_response):
+ """
+ Validates a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response,
'validate')
+
+ def update_request(self, request_id, cert_review_response):
+ """
+ Updates a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response, 'update')
+
+ def assign_request(self, request_id, cert_review_response):
+ """
+ Assigns a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response, 'assign')
+
+ def unassign_request(self, request_id, cert_review_response):
+ """
+ Un-assigns a certificate enrollment request.
+ If cert_review_response is None, a review request operation is performed to
fetch the
+ CertReviewResponse object.
+ Requires as agent level authentication.
+ """
+ return self._perform_action(request_id, cert_review_response,
'unassign')
+
+ @pki.handle_exceptions()
+ def list_enrollment_templates(self, start=None, size=None):
+ """
+ Gets the list of profile templates supported by the CA.
+ The values for start and size arguments determine the starting point and the
length of the list.
+ Returns a ProfileDataInfoCollection object.
+ """
+
+ url = self.cert_requests_url + '/profiles'
+ query_params = {
+ 'start': start,
+ 'size': size
+ }
+ r = self.connection.get(url, self.headers, query_params)
+ print r
+ return profile.ProfileDataInfoCollection.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def get_enrollment_template(self, profile_id):
+ """
+ Fetch the enrollment template for the given profile id.
+ For the first time, the request is sent to the server.
+ The retrieved CertEnrollmentRequest object is then cached locally for future
requests.
+ Returns a CerEnrollmentRequest object.
+ """
+
+ if profile_id in self.enrollment_templates:
+ return copy.deepcopy(self.enrollment_templates[profile_id])
+ url = self.cert_requests_url + '/profiles/' + str(profile_id)
+ r = self.connection.get(url, self.headers)
+
+ #Caching the enrollment template object in-memory for future use.
+ enrollment_template = CertEnrollmentRequest.from_json(r.json())
+ self.enrollment_templates[profile_id] = enrollment_template
+
+ return copy.deepcopy(enrollment_template)
+
+ @pki.handle_exceptions()
+ def create_enrollment_request(self, profile_id, inputs):
+ """
+ Fetches the enrollment request object for the given profile and
+ sets values to its attributes using the values provided in the inputs
dictionary.
+ Returns the CertEnrollmentRequest object, which can be submitted to enroll a
certificate.
+ """
+ if inputs is None or len(inputs) == 0:
+ raise ValueError("No inputs provided.")
+
+ enrollment_template = self.get_enrollment_template(profile_id)
+ for profile_input in enrollment_template.inputs:
+ for attribute in profile_input.attributes:
+ if attribute.name in inputs:
+ attribute.value = inputs[attribute.name]
+
+ return enrollment_template
+
+ @pki.handle_exceptions()
+ def submit_enrollment_request(self, enrollment_request):
+ """
+ Submits the CertEnrollmentRequest object to the server.
+ Returns a CertRequestInfoCollection object with information about the
certificate requests
+ enrolled at the CA.
+ """
+ request_object = json.dumps(enrollment_request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
+ r = self.connection.post(self.cert_requests_url, request_object, self.headers)
+ return CertRequestInfoCollection.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def enroll_cert(self, profile_id, inputs):
+ """
+ A convenience method for enrolling a certificate for a given profile id.
+ The inputs parameter should be a dictionary with values for the profile
attributes
+ for an enrollment request.
+
+ Calling this method with valid arguments, creates an enrollment request, submits
it
+ to the server, approves the certificate requests generated for the enrollment
and
+ returns a list of CertData objects for all the certificates generated as part of
this
+ enrollment.
+
+ Note: This method supports only certificate enrollment where only one agent
approval
+ is sufficient.
+
+ Requires an agent level authentication.
+ """
+
+ # Create a CertEnrollmentRequest object using the inputs for the given profile
id.
+ enroll_request = self.create_enrollment_request(profile_id, inputs)
+
+ # Submit the enrollment request
+ cert_request_infos = self.submit_enrollment_request(enroll_request)
+
+ # Approve the requests generated for the certificate enrollment.
+ # Fetch the CertData objects for all the certificates created and return to the
caller.
+
+ certificates = []
+ for cert_request_info in cert_request_infos.cert_info_list:
+ request_id = cert_request_info.request_id
+ self.approve_request(request_id)
+ cert_id = self.get_request(request_id).cert_id
+ certificates.append(self.get_cert(cert_id))
+
+ return certificates
+
encoder.NOTYPES['CertData'] = CertData
encoder.NOTYPES['CertSearchRequest'] = CertSearchRequest
encoder.NOTYPES['CertRevokeRequest'] = CertRevokeRequest
+encoder.NOTYPES['CertEnrollmentRequest'] = CertEnrollmentRequest
+encoder.NOTYPES['ProfileInput'] = profile.ProfileInput
+encoder.NOTYPES['ProfileAttribute'] = profile.ProfileAttribute
+encoder.NOTYPES['Descriptor'] = profile.Descriptor
+encoder.NOTYPES['ProfileOutput'] = profile.ProfileOutput
+encoder.NOTYPES['CertReviewResponse'] = CertReviewResponse
+encoder.NOTYPES['ProfilePolicySet'] = profile.ProfilePolicySet
+encoder.NOTYPES['ProfilePolicy'] = profile.ProfilePolicy
+encoder.NOTYPES['PolicyDefault'] = profile.PolicyDefault
+encoder.NOTYPES['PolicyConstraint'] = profile.PolicyConstraint
+encoder.NOTYPES['PolicyConstraintValue'] = profile.PolicyConstraintValue
+encoder.NOTYPES['ProfileParameter'] = profile.ProfileParameter
def main():
@@ -416,16 +1017,76 @@ def main():
#Instantiate the CertClient
cert_client = CertClient(connection)
+ cert_client.get_enrollment_template('caUserCert')
+
+ #Enrolling an user certificate
+ print('Enrolling an user certificate')
+ print('-----------------------------')
+
+ inputs = dict()
+ inputs['cert_request_type'] = 'crmf'
+ inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgNVBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQAD"
\
+
"gY0AMIGJAoGBAK/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9UuIhGfXOtxy5vRetmDHE"
\
+
"9u0AopmuJbr1rL17/tSnDakpkE9umQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0eCy2a"
\
+
"a4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJl"
\
+
"Z1Rva2VuMBoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkqhkiG9w0BAQUFAAOBgQCuywnr"
\
+
"Dk/wGwfbguw9oVs9gzFQwM4zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6ZmDd8WpPJ+"
\
+
"MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REhJw=="
+ inputs['sn_uid'] = 'test12345'
+ inputs['sn_e'] = 'example(a)redhat.com'
+ inputs['sn_cn'] = 'TestUser'
+
+ cert_data_infos = cert_client.enroll_cert('caUserCert', inputs)
+
+ for data in cert_data_infos:
+ print('Serial Number: ' + data.serial_number)
+ print('Issuer: ' + data.issuer_dn)
+ print('Subject: ' + data.subject_dn)
+ print('Pretty Print:')
+ print(data.pretty_repr)
+
+ print
+
+ # Enrolling a server certificate
+ print("Enrolling a server certificate")
+ print('------------------------------')
+
+ inputs = dict()
+ inputs['cert_request_type'] = 'pkcs10'
+ inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwE"
\
+
"wYDVQQKDAxSZWQgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY"
\
+
"0AMIGJAoGBAMJpWz92dSYCvWxllrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69jQMTLZMa8"
\
+
"FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJmcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8y"
\
+
"HwV0eBx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBvkxAGKwkfK3TKwLc5Mg0IWp8zG"
\
+
"RVwxdIlghAL8DugNocCNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5Uje2K/+6tW2ZTGrb"
\
+
"izs7CNOTMzA/9H8CkHb4H9P/qRT275zHIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
+
+ inputs['requestor_name'] = 'Tester'
+ inputs['requestor_email'] = 'example(a)redhat.com'
+
+ cert_data_infos_2 = cert_client.enroll_cert('caServerCert', inputs)
+ for data in cert_data_infos_2:
+ print('Serial Number: ' + data.serial_number)
+ print('Issuer: ' + data.issuer_dn)
+ print('Subject: ' + data.subject_dn)
+ print('Pretty Print:')
+ print(data.pretty_repr)
+
+ print
+
# List all the VALID certs
+ print('An example listing all VALID certs')
+ print('----------------------------------')
+
search_params = {'status': 'VALID'}
- cert_data_infos = cert_client.list_certs(**search_params)
- for cert_data_info in cert_data_infos.cert_info_list:
+ cert_data_list = cert_client.list_certs(**search_params)
+ for cert_data_info in cert_data_list.cert_info_list:
print("Serial Number: " + cert_data_info.cert_id)
print("Subject DN: " + cert_data_info.subject_dn)
print("Status: " + cert_data_info.status)
print
- #Trying an invalid get cert
+ #Trying to get a non-existing cert
#Assuming that there is no certificate with serial number = 100
try:
cert_data = cert_client.get_cert(100)
@@ -437,10 +1098,14 @@ def main():
print
# Certificate Serial Number used for CertClient methods.
- # 7 and '0x7' are also valid values
- cert_id = 0x7
+ # 7, 0x7 and '0x7' are also valid values
+ # Following examples use the serial number of the user certificate enrolled before.
+ cert_id = cert_data_infos[0].serial_number
#Get certificate data
+ print('Getting information of a certificate')
+ print('------------------------------------')
+
cert_data = cert_client.get_cert(cert_id)
# Print the certificate information
print('Serial Number: ' + cert_data.serial_number)
@@ -456,6 +1121,9 @@ def main():
print
# Review a certificate - used to get a nonce for revoke request.
+ print('Reviewing a certificate')
+ print('-----------------------')
+
cert_data = cert_client.review_cert(cert_id)
print('Serial Number: ' + cert_data.serial_number)
print('Issuer: ' + cert_data.issuer_dn)
@@ -465,6 +1133,9 @@ def main():
print
#Revoke a certificate
+ print('Revoking a certificate')
+ print('----------------------')
+
cert_request_info = cert_client.revoke_cert(cert_data.serial_number,
revocation_reason=CertRevokeRequest.REASON_CERTIFICATE_HOLD,
comments="Test revoking a
cert", nonce=cert_data.nonce)
@@ -474,6 +1145,9 @@ def main():
print
#Un-revoke a certificate
+ print('Un-revoking a certificate')
+ print('-------------------------')
+
cert_request_info = cert_client.unrevoke_cert(cert_data.serial_number)
print('Request ID: ' + cert_request_info.request_id)
print('Request Type: ' + cert_request_info.request_type)
@@ -482,4 +1156,4 @@ def main():
if __name__ == "__main__":
- main()
+ main()
\ No newline at end of file
diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
new file mode 100644
index 0000000000000000000000000000000000000000..490db0994cacf927ced96b5ed43790fda4327894
--- /dev/null
+++ b/base/common/python/pki/profile.py
@@ -0,0 +1,577 @@
+#!/usr/bin/python
+"""
+Created on May 13,, 2014
+
+@author: akoneru
+"""
+
+import types
+
+import pki
+
+
+class ProfileDataInfo(object):
+ """Stores information about a profile"""
+ def __init__(self):
+ self.profile_id = None
+ self.profile_name = None
+ self.profile_description = None
+ self.profile_url = None
+
+ @classmethod
+ def from_json(cls, attr_list):
+ profile_data_info = cls()
+ profile_data_info.profile_id = attr_list['profileId']
+ profile_data_info.profile_name = attr_list['profileName']
+ profile_data_info.profile_description = attr_list['profileDescription']
+ profile_data_info.profile_url = attr_list['profileURL']
+
+ return profile_data_info
+
+
+class ProfileDataInfoCollection(object):
+ """
+ Represents a collection of ProfileDataInfo objects.
+ Also encapsulates the links for the list of the objects stored.
+ """
+
+ def __init__(self):
+ self.profile_data_list = []
+ self.links = []
+
+ @classmethod
+ def from_json(cls, json_value):
+ ret = cls()
+ profile_data_infos = json_value['entries']
+ if not isinstance(profile_data_infos, types.ListType):
+ ret.profile_data_list.append(ProfileDataInfo.from_json(profile_data_infos))
+ else:
+ for profile_info in profile_data_infos:
+ ret.profile_data_list.append(ProfileDataInfo.from_json(profile_info))
+
+ links = json_value['Link']
+ if not isinstance(links, types.ListType):
+ ret.links.append(pki.Link.from_json(links))
+ else:
+ for link in links:
+ ret.links.append(pki.Link.from_json(link))
+
+ return ret
+
+
+class Descriptor(object):
+ """
+ This class represents the description of a ProfileAttribute.
+ It stores information such as the syntax, constraint and default value of a profile
attribute.
+ """
+
+ def __init__(self, syntax=None, constraint=None, description=None,
default_value=None):
+ self.syntax = syntax
+ self.constraint = constraint
+ self.description = description
+ self.default_value = default_value
+
+ @property
+ def syntax(self):
+ return getattr(self, 'Syntax', None)
+
+ @syntax.setter
+ def syntax(self, value):
+ setattr(self, 'Syntax', value)
+
+ @property
+ def constraint(self):
+ return getattr(self, 'Constraint', None)
+
+ @constraint.setter
+ def constraint(self, value):
+ setattr(self, 'Constraint', value)
+
+ @property
+ def description(self):
+ return getattr(self, 'Description', None)
+
+ @description.setter
+ def description(self, value):
+ setattr(self, 'Description', value)
+
+ @property
+ def default_value(self):
+ return getattr(self, 'DefaultValue', None)
+
+ @default_value.setter
+ def default_value(self, value):
+ setattr(self, 'DefaultValue', value)
+
+ @classmethod
+ def from_json(cls, attr_list):
+ descriptor = cls()
+ for attr in attr_list:
+ setattr(descriptor, attr, attr_list[attr])
+
+ return descriptor
+
+
+class ProfileAttribute(object):
+ """
+ Represents a profile attribute of a ProfileInput.
+ """
+ def __init__(self, name=None, value=None, descriptor=None):
+ self.name = name
+ self.value = value
+ self.descriptor = descriptor
+
+ @property
+ def descriptor(self):
+ return getattr(self, 'Descriptor')
+
+ @descriptor.setter
+ def descriptor(self, value):
+ setattr(self, 'Descriptor', value)
+
+ @property
+ def value(self):
+ return getattr(self, 'Value')
+
+ @value.setter
+ def value(self, value):
+ setattr(self, 'Value', value)
+
+ @classmethod
+ def from_json(cls, attr_list):
+ attribute = cls()
+ attribute.name = attr_list['name']
+ if 'Value' in attr_list:
+ attribute.value = attr_list['Value']
+ if 'Descriptor' in attr_list:
+ attribute.descriptor =
Descriptor.from_json(attr_list['Descriptor'])
+
+ return attribute
+
+
+class ProfileInput(object):
+ """
+ This class encapsulates all the attributes of a profile to generate a
+ specific property of a certificate.
+ Ex. Subject name, Requestor Information etc.
+ """
+
+ def __init__(self, profile_input_id=None, class_id=None, name=None, text=None,
attributes=None,
+ config_attributes=None):
+
+ self.profile_input_id = profile_input_id
+ self.class_id = class_id
+ self.name = name
+ self.text = text
+ if attributes is None:
+ self.attributes = []
+ if config_attributes is None:
+ self.config_attributes = []
+
+ @property
+ def profile_input_id(self):
+ return getattr(self, 'id')
+
+ @profile_input_id.setter
+ def profile_input_id(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def class_id(self):
+ return getattr(self, 'ClassID', None)
+
+ @class_id.setter
+ def class_id(self, value):
+ setattr(self, 'ClassID', value)
+
+ @property
+ def name(self):
+ return getattr(self, 'Name', None)
+
+ @name.setter
+ def name(self, value):
+ setattr(self, 'Name', value)
+
+ @property
+ def text(self):
+ return getattr(self, 'Text', None)
+
+ @text.setter
+ def text(self, value):
+ setattr(self, 'Text', value)
+
+ @property
+ def attributes(self):
+ return getattr(self, 'Attribute')
+
+ @attributes.setter
+ def attributes(self, value):
+ setattr(self, 'Attribute', value)
+
+ @property
+ def config_attributes(self):
+ return getattr(self, 'ConfigAttribute')
+
+ @config_attributes.setter
+ def config_attributes(self, value):
+ setattr(self, 'ConfigAttribute', value)
+
+ def add_attribute(self, profile_attribute):
+ self.attributes.append(profile_attribute)
+
+ def remove_attribute(self, profile_attribute_name):
+ for attr in self.attributes:
+ if attr.name == profile_attribute_name:
+ self.attributes.remove(attr)
+ break
+
+ def get_attribute(self, profile_attribute_name):
+ for attr in self.attributes:
+ if attr.name == profile_attribute_name:
+ return attr
+
+ return None
+
+ def add_config_attribute(self, profile_attribute):
+ self.attributes.append(profile_attribute)
+
+ def remove_config_attribute(self, config_attribute_name):
+ for attr in self.config_attributes:
+ if attr.name == config_attribute_name:
+ self.attributes.remove(attr)
+ break
+
+ def get_config_attribute(self, config_attribute_name):
+ for attr in self.attributes:
+ if attr.name == config_attribute_name:
+ return attr
+
+ return None
+
+ @classmethod
+ def from_json(cls, json_value):
+ profile_input = cls()
+ profile_input.profile_input_id = json_value['id']
+ profile_input.class_id = json_value['ClassID']
+ profile_input.name = json_value['Name']
+ if 'Text' in json_value:
+ profile_input.text = json_value['Text']
+
+ attributes = json_value['Attribute']
+ if not isinstance(attributes, types.ListType):
+ profile_input.attributes.append(ProfileAttribute.from_json(attributes))
+ else:
+ for profile_info in attributes:
+
profile_input.attributes.append(ProfileAttribute.from_json(profile_info))
+
+ config_attributes = json_value['ConfigAttribute']
+ if not isinstance(config_attributes, types.ListType):
+
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attributes))
+ else:
+ for config_attribute in config_attributes:
+
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attribute))
+
+ return profile_input
+
+
+class ProfileOutput(object):
+ """
+ This class defines the output of a certificate enrollment request
+ using a profile.
+ """
+
+ def __init__(self, profile_output_id=None, name=None, text=None, class_id=None,
attributes=None):
+ self.profile_output_id = profile_output_id
+ self.name = name
+ self.text = text
+ self.class_id = class_id
+ if attributes is None:
+ self.attributes = []
+
+ @property
+ def profile_output_id(self):
+ return getattr(self, 'id')
+
+ @profile_output_id.setter
+ def profile_output_id(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def class_id(self):
+ return getattr(self, 'classId', None)
+
+ @class_id.setter
+ def class_id(self, value):
+ setattr(self, 'classId', value)
+
+ def add_attribute(self, profile_attribute):
+ self.attributes.append(profile_attribute)
+
+ def remove_attribute(self, profile_attribute_name):
+ for attr in self.attributes:
+ if attr.name == profile_attribute_name:
+ self.attributes.remove(attr)
+ break
+
+ def get_attribute(self, profile_attribute_name):
+ for attr in self.attributes:
+ if attr.name == profile_attribute_name:
+ return attr
+
+ return None
+
+ @classmethod
+ def from_json(cls, json_value):
+ profile_output = cls()
+ profile_output.profile_output_id = json_value['id']
+ profile_output.name = json_value['name']
+ profile_output.text = json_value['text']
+ profile_output.class_id = json_value['classId']
+ attributes = json_value['attributes']
+ if not isinstance(attributes, types.ListType):
+ profile_output.attributes.append(ProfileAttribute.from_json(attributes))
+ else:
+ for profile_info in attributes:
+
profile_output.attributes.append(ProfileAttribute.from_json(profile_info))
+ return profile_output
+
+
+class ProfileParameter(object):
+
+ def __init__(self, name=None, value=None):
+ self.name = name
+ self.value = value
+
+ @classmethod
+ def from_json(cls, attr_list):
+ param = cls()
+ for attr in attr_list:
+ setattr(param, attr, attr_list[attr])
+ return param
+
+
+class PolicyDefault(object):
+ """
+ An object of this class contains information of the default usage of a specific
ProfileInput.
+ """
+
+ def __init__(self, name=None, class_id=None, description=None,
policy_attributes=None, policy_params=None):
+ self.name = name
+ self.class_id = class_id
+ self.description = description
+ if policy_attributes is None:
+ self.policy_attributes = []
+ else:
+ self.policy_attributes = policy_attributes
+ if policy_params is None:
+ self.policy_params = []
+ else:
+ self.policy_params = policy_params
+
+ @property
+ def name(self):
+ return getattr(self, 'id')
+
+ @name.setter
+ def name(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def class_id(self):
+ return getattr(self, 'classId')
+
+ @class_id.setter
+ def class_id(self, value):
+ setattr(self, 'classId', value)
+
+ @property
+ def policy_attributes(self):
+ return getattr(self, 'policyAttribute')
+
+ @policy_attributes.setter
+ def policy_attributes(self, value):
+ setattr(self, 'policyAttribute', value)
+
+ @property
+ def policy_params(self):
+ return getattr(self, 'params')
+
+ @policy_params.setter
+ def policy_params(self, value):
+ setattr(self, 'params', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ policy_def = cls()
+ if 'id' in json_value:
+ policy_def.name = json_value['id']
+ if 'classId' in json_value:
+ policy_def.class_id = json_value['classId']
+ if 'description' in json_value:
+ policy_def.description = json_value['description']
+ if 'policyAttribute' in json_value:
+ attributes = json_value['policyAttribute']
+ if not isinstance(attributes, types.ListType):
+
policy_def.policy_attributes.append(ProfileAttribute.from_json(attributes))
+ else:
+ for attr in attributes:
+
policy_def.policy_attributes.append(ProfileAttribute.from_json(attr))
+
+ if 'params' in json_value:
+ params = json_value['params']
+ if not isinstance(params, types.ListType):
+ policy_def.policy_params.append(ProfileParameter.from_json(params))
+ else:
+ for param in params:
+ policy_def.policy_params.append(ProfileParameter.from_json(param))
+
+ return policy_def
+
+
+class PolicyConstraintValue(object):
+
+ def __init__(self, name=None, value=None, descriptor=None):
+ self.name = name
+ self.value = value
+ self.descriptor = descriptor
+
+ @property
+ def name(self):
+ return getattr(self, 'id')
+
+ @name.setter
+ def name(self, value):
+ setattr(self, 'id', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ ret = cls()
+
+ ret.name = json_value['id']
+ ret.value = json_value['value']
+ if 'descriptor' in json_value:
+ ret.descriptor = Descriptor.from_json(json_value['descriptor'])
+
+ return ret
+
+
+class PolicyConstraint(object):
+ """
+ An object of this class contains the policy constraints applied to a ProfileInput
+ used by a certificate enrollment request.
+ """
+
+ def __init__(self, name=None, description=None, class_id=None,
policy_constraint_values=None):
+ self.name = name
+ self.description = description
+ self.class_id = class_id
+ if policy_constraint_values is None:
+ self.policy_constraint_values = []
+ else:
+ self.policy_constraint_values = policy_constraint_values
+
+ @property
+ def name(self):
+ return getattr(self, 'id')
+
+ @name.setter
+ def name(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def class_id(self):
+ return getattr(self, 'classId')
+
+ @class_id.setter
+ def class_id(self, value):
+ setattr(self, 'classId', value)
+
+ @property
+ def policy_constraint_values(self):
+ return getattr(self, 'constraint')
+
+ @policy_constraint_values.setter
+ def policy_constraint_values(self, value):
+ setattr(self, 'constraint', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ policy_constraint = cls()
+ if 'id' in json_value:
+ policy_constraint.name = json_value['id']
+ if 'description' in json_value:
+ policy_constraint.description = json_value['description']
+ if 'classId' in json_value:
+ policy_constraint.class_id = json_value['classId']
+ if 'constraint' in json_value:
+ constraints = json_value['constraint']
+ if not isinstance(constraints, types.ListType):
+
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraints))
+ else:
+ for constraint in constraints:
+
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraint))
+
+ return policy_constraint
+
+
+class ProfilePolicy(object):
+ """
+ This class represents the policy a profile adheres to.
+ An object of this class stores the default values for profile and the constraints
present on the
+ values of the attributes of the profile submitted for an enrollment request.
+ """
+
+ def __init__(self, policy_id=None, policy_default=None, policy_constraint=None):
+ self.policy_id = policy_id
+ self.policy_default = policy_default
+ self.policy_constraint = policy_constraint
+
+ @property
+ def policy_id(self):
+ return getattr(self, 'id')
+
+ @policy_id.setter
+ def policy_id(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def policy_default(self):
+ return getattr(self, 'def')
+
+ @policy_default.setter
+ def policy_default(self, value):
+ setattr(self, 'def', value)
+
+ @property
+ def policy_constraint(self):
+ return getattr(self, 'constraint')
+
+ @policy_constraint.setter
+ def policy_constraint(self, value):
+ setattr(self, 'constraint', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ return cls(json_value['id'],
PolicyDefault.from_json(json_value['def']),
+ PolicyConstraint.from_json(json_value['constraint']))
+
+
+class ProfilePolicySet(object):
+ """
+ Stores a list of ProfilePolicy objects.
+ """
+ def __init__(self):
+ self.policies = []
+
+ @classmethod
+ def from_json(cls, attr_list):
+ policy_set = cls()
+
+ policies = attr_list['policies']
+ if not isinstance(policies, types.ListType):
+ policy_set.policies.append(ProfilePolicy.from_json(policies))
+ else:
+ for policy in policies:
+ policy_set.policies.append(ProfilePolicy.from_json(policy))
+
+ return policy_set
--
1.8.5.3
>From ae8c2c3bbe0c4ac6ab62b6a58c71ce1899fe8c74 Mon Sep 17 00:00:00
2001
From: Abhishek Koneru <akoneru(a)redhat.com>
Date: Tue, 20 May 2014 21:01:24 -0400
Subject: [PATCH] Initial patch for ProfileClient implementation
This patch adds methods for listing profiles, retrieving aprofile,
enabling a profile and disabling a profile.
It also contains few cosmetic changes in account.py and
client.py(pycharm PEP8 warnings addressed)
---
base/common/python/pki/profile.py | 357 +++++++++++++++++++++++++++++++++++++-
1 file changed, 356 insertions(+), 1 deletion(-)
diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
index 490db0994cacf927ced96b5ed43790fda4327894..83cd8bcca0d9ad3841b0b6b74e2aa4a6724e5bbc
100644
--- a/base/common/python/pki/profile.py
+++ b/base/common/python/pki/profile.py
@@ -8,6 +8,8 @@ Created on May 13,, 2014
import types
import pki
+import pki.client as client
+import pki.account as account
class ProfileDataInfo(object):
@@ -325,7 +327,8 @@ class ProfileOutput(object):
profile_output = cls()
profile_output.profile_output_id = json_value['id']
profile_output.name = json_value['name']
- profile_output.text = json_value['text']
+ if 'text' in json_value:
+ profile_output.text = json_value['text']
profile_output.class_id = json_value['classId']
attributes = json_value['attributes']
if not isinstance(attributes, types.ListType):
@@ -575,3 +578,355 @@ class ProfilePolicySet(object):
policy_set.policies.append(ProfilePolicy.from_json(policy))
return policy_set
+
+
+class PolicySet(object):
+ """
+ An object of this class contains a name value pair of the
+ policy name and the ProfilePolicy object.
+ """
+ def __init__(self, name=None, policy_list=None):
+ self.name = name
+ if policy_list is None:
+ self.policy_list = []
+ else:
+ self.policy_list = policy_list
+
+ @property
+ def name(self):
+ return getattr(self, 'id')
+
+ @name.setter
+ def name(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def policy_list(self):
+ return getattr(self, 'value')
+
+ @policy_list.setter
+ def policy_list(self, value):
+ setattr(self, 'value', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ policy_set = cls()
+
+ policy_set.name = json_value['id']
+ policies = json_value['value']
+ if not isinstance(policies, types.ListType):
+ policy_set.policy_list.append(ProfilePolicy.from_json(policies))
+ else:
+ for policy in policies:
+ policy_set.policy_list.append(ProfilePolicy.from_json(policy))
+
+
+class PolicySetList(object):
+ """
+ An object of this class stores a list of ProfileSet objects.
+ """
+
+ def __init__(self, policy_sets=None):
+ if policy_sets is None:
+ self.policy_sets = []
+ else:
+ self.policy_sets = policy_sets
+
+ @property
+ def policy_sets(self):
+ return getattr(self, 'PolicySet')
+
+ @policy_sets.setter
+ def policy_sets(self, value):
+ setattr(self, 'PolicySet', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ policy_set_list = cls()
+ policy_sets = json_value['PolicySet']
+ if not isinstance(policy_sets, types.ListType):
+ policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
+ else:
+ for policy_set in policy_sets:
+ policy_set_list.policy_sets.append(PolicySet.from_json(policy_set))
+
+
+class ProfileData(object):
+ """
+ This class represents an enrollment profile.
+ """
+
+ def __init__(self, profile_id=None, class_id=None, name=None, description=None,
enabled=None, visible=None,
+ enabled_by=None, authenticator_id=None, authorization_acl=None,
renewal=None, xml_output=None,
+ inputs=None, outputs=None, policy_sets=None, link=None):
+
+ self.profile_id = profile_id
+ self.name = name
+ self.class_id = class_id
+ self.description = description
+ self.enabled = enabled
+ self.visible = visible
+ self.enabled_by = enabled_by
+ self.authenticator_id = authenticator_id
+ self.authorization_acl = authorization_acl
+ self.renewal = renewal
+ self.xml_output = xml_output
+ if inputs is None:
+ self.inputs = []
+ else:
+ self.inputs = inputs
+ if outputs is None:
+ self.outputs = []
+ else:
+ self.outputs = outputs
+ if policy_sets is None:
+ self.policy_sets = []
+ else:
+ self.policy_sets = policy_sets
+ self.link = link
+
+ @property
+ def profile_id(self):
+ return getattr(self, 'id')
+
+ @profile_id.setter
+ def profile_id(self, value):
+ setattr(self, 'id', value)
+
+ @property
+ def class_id(self):
+ return getattr(self, 'classId')
+
+ @class_id.setter
+ def class_id(self, value):
+ setattr(self, 'classId', value)
+
+ @property
+ def enabled_by(self):
+ return getattr(self, 'enabledBy')
+
+ @enabled_by.setter
+ def enabled_by(self, value):
+ setattr(self, 'enabledBy', value)
+
+ @property
+ def authenticator_id(self):
+ return getattr(self, 'authenticatorId')
+
+ @authenticator_id.setter
+ def authenticator_id(self, value):
+ setattr(self, 'authenticatorId', value)
+
+ @property
+ def authorization_acl(self):
+ return getattr(self, 'authzAcl')
+
+ @authorization_acl.setter
+ def authorization_acl(self, value):
+ setattr(self, 'authzAcl', value)
+
+ @property
+ def xml_output(self):
+ return getattr(self, 'xmlOutput')
+
+ @xml_output.setter
+ def xml_output(self, value):
+ setattr(self, 'xmlOutput', value)
+
+ @property
+ def inputs(self):
+ return getattr(self, 'Input')
+
+ @inputs.setter
+ def inputs(self, value):
+ setattr(self, 'Input', value)
+
+ @property
+ def outputs(self):
+ return getattr(self, 'Output')
+
+ @outputs.setter
+ def outputs(self, value):
+ setattr(self, 'Output', value)
+
+ @property
+ def policy_sets(self):
+ return getattr(self, 'PolicySets')
+
+ @policy_sets.setter
+ def policy_sets(self, value):
+ setattr(self, 'PolicySets', value)
+
+ @classmethod
+ def from_json(cls, json_value):
+ profile_data = cls()
+ profile_data.profile_id = json_value['id']
+ profile_data.class_id = json_value['classId']
+ profile_data.name = json_value['name']
+ profile_data.description = json_value['description']
+ profile_data.enabled = json_value['enabled']
+ profile_data.visible = json_value['visible']
+ if 'enabledBy' in json_value:
+ profile_data.enabled_by = json_value['enabledBy']
+ if 'authenticatorId' in json_value:
+ profile_data.authenticator_id = json_value['authenticatorId']
+ profile_data.authorization_acl = json_value['authzAcl']
+ profile_data.renewal = json_value['renewal']
+ profile_data.xml_output = json_value['xmlOutput']
+
+ profile_inputs = json_value['Input']
+ if not isinstance(profile_inputs, types.ListType):
+ profile_data.inputs.append(ProfileInput.from_json(profile_inputs))
+ else:
+ for profile_input in profile_inputs:
+ profile_data.policy_sets.append(ProfileInput.from_json(profile_input))
+
+ profile_outputs = json_value['Output']
+ if not isinstance(profile_outputs, types.ListType):
+ profile_data.outputs.append(ProfileOutput.from_json(profile_outputs))
+ else:
+ for profile_output in profile_outputs:
+
profile_data.policy_sets.append(ProfileOutput.from_json(profile_output))
+
+ policy_sets = json_value['PolicySets']
+ if not isinstance(policy_sets, types.ListType):
+ profile_data.policy_sets.append(PolicySetList.from_json(policy_sets))
+ else:
+ for policy_set in policy_sets:
+ profile_data.policy_sets.append(PolicySetList.from_json(policy_set))
+
+ profile_data.link = pki.Link.from_json(json_value['link'])
+
+ return profile_data
+
+
+class ProfileClient(object):
+ """
+ This class consists of methods for accessing the ProfileResource.
+ """
+ def __init__(self, connection):
+ self.connection = connection
+ self.headers = {'Content-type': 'application/json',
+ 'Accept': 'application/json'}
+ self.profiles_url = '/rest/profiles'
+ self.account_client = account.AccountClient(connection)
+
+ def _get(self, url, query_params=None, payload=None):
+ self.account_client.login()
+ r = self.connection.get(url, self.headers, query_params, payload)
+ self.account_client.logout()
+ return r
+
+ def _post(self, url, payload=None, query_params=None):
+ self.account_client.login()
+ r = self.connection.post(url, payload, self.headers, query_params)
+ self.account_client.logout()
+ return r
+
+ @pki.handle_exceptions()
+ def list_profiles(self, start=None, size=None):
+ """
+ Fetches the list of profiles.
+ The start and size arguments provide pagination support.
+ Returns a ProfileDataInfoCollection object.
+ """
+ query_params = {
+ 'start': start,
+ 'size': size
+ }
+ r = self._get(self.profiles_url, query_params)
+ return ProfileDataInfoCollection.from_json(r.json())
+
+ @pki.handle_exceptions()
+ def get_profile(self, profile_id):
+ """
+ Fetches information for the profile for the given profile id.
+ Returns a ProfileData object.
+ """
+ if profile_id is None:
+ raise ValueError("Profile ID must be specified.")
+ url = self.profiles_url + '/' + str(profile_id)
+ r = self._get(url)
+ return ProfileData.from_json(r.json())
+
+ def _modify_profile_state(self, profile_id, action):
+ """
+ Internal method used to modify the profile state.
+ """
+ if profile_id is None:
+ raise ValueError("Profile ID must be specified.")
+ if action is None:
+ raise ValueError("A valid action(enable/disable) must be
specified.")
+
+ url = self.profiles_url + '/' + str(profile_id)
+ params = {'action': action}
+ self._post(url, query_params=params)
+
+ @pki.handle_exceptions()
+ def enable_profile(self, profile_id):
+ """
+ Enables a profile.
+ """
+ return self._modify_profile_state(profile_id, 'enable')
+
+ @pki.handle_exceptions()
+ def disable_profile(self, profile_id):
+ """
+ Disables a profile.
+ """
+ return self._modify_profile_state(profile_id, 'disable')
+
+
+def main():
+ # Initialize a PKIConnection object for the CA
+ connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
+
+ # The pem file used for authentication. Created from a p12 file using the command -
+ # openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
+ connection.set_authentication_cert("/tmp/auth.pem")
+
+ #Initialize the ProfileClient class
+ profile_client = ProfileClient(connection)
+
+ #Fetching a list of profiles
+ profile_data_infos = profile_client.list_profiles()
+ print('List of profiles:')
+ print('-----------------')
+ for profile_data_info in profile_data_infos.profile_data_list:
+ print(' Profile ID: ' + profile_data_info.profile_id)
+ print(' Profile Name: ' + profile_data_info.profile_name)
+ print(' Profile Description: ' +
profile_data_info.profile_description)
+ print
+
+ # Get a specific profile
+ profile_data = profile_client.get_profile('caUserCert')
+ print('Profile Data for caUserCert:')
+ print('----------------------------')
+ print(' Profile ID: ' + profile_data.profile_id)
+ print(' Profile Name: ' + profile_data.name)
+ print(' Profile Description: ' + profile_data.description)
+ print(' Is profile enabled? ' + str(profile_data.enabled))
+ print(' Is profile visible? ' + str(profile_data.visible))
+ print
+
+ # Disabling a profile
+ print('Disabling a profile:')
+ print('--------------------')
+ profile_client.disable_profile('caUserCert')
+ profile = profile_client.get_profile('caUserCert')
+ print(' Profile ID: ' + profile.profile_id)
+ print(' Is profile enabled? ' + str(profile.enabled))
+ print
+
+ # Disabling a profile
+ print('Enabling a profile:')
+ print('-------------------')
+ profile_client.enable_profile('caUserCert')
+ profile = profile_client.get_profile('caUserCert')
+ print(' Profile ID: ' + profile_data.profile_id)
+ print(' Is profile enabled? ' + str(profile.enabled))
+ print
+
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
--
1.8.5.3
>From 4a237ad0edd25ddf378d204e26b835951aaaa3b2 Mon Sep 17 00:00:00
2001
From: Abhishek Koneru <akoneru(a)redhat.com>
Date: Fri, 23 May 2014 12:17:38 -0400
Subject: [PATCH] Addressed comments given for patches 92-2, 93, 94.
Addressed review comments for the patches that
implement the CertClient and a part of ProfileClient.
Also includes the pycharm project files in pki/.idea.
---
.idea/.name | 1 +
.idea/codeStyleSettings.xml | 14 +
.idea/encodings.xml | 5 +
.idea/misc.xml | 5 +
.idea/modules.xml | 9 +
.idea/pki.iml | 9 +
.idea/scopes/scope_settings.xml | 5 +
.idea/vcs.xml | 7 +
.idea/workspace.xml | 780 ++++++++++++++++++++++++++++++++++++++
base/common/python/pki/account.py | 3 +
base/common/python/pki/cert.py | 480 ++++++++++++++---------
base/common/python/pki/profile.py | 137 +++++--
12 files changed, 1242 insertions(+), 213 deletions(-)
create mode 100644 .idea/.name
create mode 100644 .idea/codeStyleSettings.xml
create mode 100644 .idea/encodings.xml
create mode 100644 .idea/misc.xml
create mode 100644 .idea/modules.xml
create mode 100644 .idea/pki.iml
create mode 100644 .idea/scopes/scope_settings.xml
create mode 100644 .idea/vcs.xml
create mode 100644 .idea/workspace.xml
diff --git a/.idea/.name b/.idea/.name
new file mode 100644
index 0000000000000000000000000000000000000000..a1cbd55fe0d55b799879256c4def7367783c2877
--- /dev/null
+++ b/.idea/.name
@@ -0,0 +1 @@
+pki
\ No newline at end of file
diff --git a/.idea/codeStyleSettings.xml b/.idea/codeStyleSettings.xml
new file mode 100644
index 0000000000000000000000000000000000000000..f99399bf8bc3e5c2de6d4ff649dd30eb634a18b7
--- /dev/null
+++ b/.idea/codeStyleSettings.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="ProjectCodeStyleSettingsManager">
+ <option name="PER_PROJECT_SETTINGS">
+ <value>
+ <XML>
+ <option name="XML_LEGACY_SETTINGS_IMPORTED"
value="true" />
+ </XML>
+ </value>
+ </option>
+ <option name="PREFERRED_PROJECT_CODE_STYLE"
value="Dogtag_Code_Style" />
+ </component>
+</project>
+
diff --git a/.idea/encodings.xml b/.idea/encodings.xml
new file mode 100644
index 0000000000000000000000000000000000000000..e206d70d8595e2a50675ba11de48efcfa012497d
--- /dev/null
+++ b/.idea/encodings.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="Encoding" useUTFGuessing="true"
native2AsciiForPropertiesFiles="false" />
+</project>
+
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000000000000000000000000000000000000..2e6cdab0109625e557c43478dd443d0b3bc05fac
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="ProjectRootManager" version="2"
project-jdk-name="Python 2.7.5 (/usr/bin/python2.7)"
project-jdk-type="Python SDK" />
+</project>
+
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000000000000000000000000000000000000..34a47cab36485cf5819e2ebf3e1f27488da1ff38
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="ProjectModuleManager">
+ <modules>
+ <module fileurl="file://$PROJECT_DIR$/.idea/pki.iml"
filepath="$PROJECT_DIR$/.idea/pki.iml" />
+ </modules>
+ </component>
+</project>
+
diff --git a/.idea/pki.iml b/.idea/pki.iml
new file mode 100644
index 0000000000000000000000000000000000000000..a34a85703f063917904e9e958b91cf9f4a2504e1
--- /dev/null
+++ b/.idea/pki.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="PYTHON_MODULE" version="4">
+ <component name="NewModuleRootManager">
+ <content url="file://$MODULE_DIR$" />
+ <orderEntry type="inheritedJdk" />
+ <orderEntry type="sourceFolder" forTests="false" />
+ </component>
+</module>
+
diff --git a/.idea/scopes/scope_settings.xml b/.idea/scopes/scope_settings.xml
new file mode 100644
index 0000000000000000000000000000000000000000..922003b8433bcad6ce9778a37628d738faa26389
--- /dev/null
+++ b/.idea/scopes/scope_settings.xml
@@ -0,0 +1,5 @@
+<component name="DependencyValidationManager">
+ <state>
+ <option name="SKIP_IMPORT_STATEMENTS" value="false" />
+ </state>
+</component>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000000000000000000000000000000000000..c80f2198b5f6863fd489ec8ac6c40a50ac1f7b30
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="VcsDirectoryMappings">
+ <mapping directory="$PROJECT_DIR$" vcs="Git" />
+ </component>
+</project>
+
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000000000000000000000000000000000000..17337d1f91ac4a118650061cd97d58b25b0171a6
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,780 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+ <component name="ChangeListManager">
+ <list default="true"
id="c7272e4c-4c26-4a55-9c50-4b1b35d87164" name="Default"
comment="">
+ <change type="MODIFICATION"
beforePath="$PROJECT_DIR$/base/common/python/pki/cert.py"
afterPath="$PROJECT_DIR$/base/common/python/pki/cert.py" />
+ <change type="MODIFICATION"
beforePath="$PROJECT_DIR$/base/common/python/pki/profile.py"
afterPath="$PROJECT_DIR$/base/common/python/pki/profile.py" />
+ <change type="MODIFICATION"
beforePath="$PROJECT_DIR$/.idea/workspace.xml"
afterPath="$PROJECT_DIR$/.idea/workspace.xml" />
+ </list>
+ <ignored path="pki.iws" />
+ <ignored path=".idea/workspace.xml" />
+ <option name="TRACKING_ENABLED" value="true" />
+ <option name="SHOW_DIALOG" value="false" />
+ <option name="HIGHLIGHT_CONFLICTS" value="true" />
+ <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false"
/>
+ <option name="LAST_RESOLUTION" value="IGNORE" />
+ </component>
+ <component name="ChangesViewManager" flattened_view="true"
show_ignored="false" />
+ <component name="CreatePatchCommitExecutor">
+ <option name="PATCH_PATH" value="" />
+ </component>
+ <component name="DaemonCodeAnalyzer">
+ <disable_hints />
+ </component>
+ <component name="ExecutionTargetManager"
SELECTED_TARGET="default_target" />
+ <component name="FavoritesManager">
+ <favorites_list name="pki" />
+ </component>
+ <component name="FileEditorManager">
+ <leaf>
+ <file leaf-file-name="cert.py" pinned="false"
current="false" current-in-tab="false">
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true"
editor-type-id="text-editor">
+ <state line="1108" column="9"
selection-start="41945" selection-end="41945"
vertical-scroll-proportion="0.0" vertical-offset="16500"
max-vertical-offset="19335">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ </file>
+ <file leaf-file-name="encoder.py" pinned="false"
current="false" current-in-tab="false">
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/encoder.py">
+ <provider selected="true"
editor-type-id="text-editor">
+ <state line="33" column="34"
selection-start="1482" selection-end="1482"
vertical-scroll-proportion="0.0" vertical-offset="495"
max-vertical-offset="810">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ </file>
+ <file leaf-file-name="profile.py" pinned="false"
current="true" current-in-tab="true">
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/profile.py">
+ <provider selected="true"
editor-type-id="text-editor">
+ <state line="961" column="41"
selection-start="28774" selection-end="28774"
vertical-scroll-proportion="0.71965814" vertical-offset="13934"
max-vertical-offset="14880">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ </file>
+ </leaf>
+ </component>
+ <component name="FindManager">
+ <FindUsagesManager>
+ <setting name="OPEN_NEW_TAB" value="false" />
+ </FindUsagesManager>
+ </component>
+ <component name="Git.Settings">
+ <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$"
/>
+ </component>
+ <component name="IdeDocumentHistory">
+ <option name="changedFiles">
+ <list>
+ <option value="$PROJECT_DIR$/base/common/python/pki/system.py"
/>
+ <option value="/usr/lib/python2.7/site-packages/pki/__init__.py"
/>
+ <option value="/usr/lib/python2.7/site-packages/pki/profile.py"
/>
+ <option value="$PROJECT_DIR$/base/common/python/pki/__init__.py"
/>
+ <option value="$PROJECT_DIR$/base/common/python/pki/client.py"
/>
+ <option value="$PROJECT_DIR$/base/common/python/pki/key.py" />
+ <option value="$PROJECT_DIR$/base/common/python/pki/account.py"
/>
+ <option value="$PROJECT_DIR$/base/common/python/pki/cert.py" />
+ <option value="$PROJECT_DIR$/base/common/python/pki/profile.py"
/>
+ </list>
+ </option>
+ </component>
+ <component name="ProjectFrameBounds">
+ <option name="width" value="1920" />
+ <option name="height" value="1055" />
+ </component>
+ <component name="ProjectLevelVcsManager"
settingsEditedManually="false">
+ <OptionsSetting value="true" id="Add" />
+ <OptionsSetting value="true" id="Remove" />
+ <OptionsSetting value="true" id="Checkout" />
+ <OptionsSetting value="true" id="Update" />
+ <OptionsSetting value="true" id="Status" />
+ <OptionsSetting value="true" id="Edit" />
+ <ConfirmationsSetting value="0" id="Add" />
+ <ConfirmationsSetting value="0" id="Remove" />
+ </component>
+ <component name="ProjectReloadState">
+ <option name="STATE" value="0" />
+ </component>
+ <component name="ProjectView">
+ <navigator currentView="ProjectPane" proportions=""
version="1" splitterProportion="0.5">
+ <flattenPackages />
+ <showMembers />
+ <showModules />
+ <showLibraryContents />
+ <hideEmptyPackages />
+ <abbreviatePackageNames />
+ <autoscrollToSource />
+ <autoscrollFromSource />
+ <sortByType />
+ </navigator>
+ <panes>
+ <pane id="Scope" />
+ <pane id="ProjectPane">
+ <subPane>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="base" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="base" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="kra" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="base" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="kra" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="functional" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="base" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="common" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ <PATH>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.ProjectViewProjectNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="base" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="common" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="python" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ <PATH_ELEMENT>
+ <option name="myItemId" value="pki" />
+ <option name="myItemType"
value="com.intellij.ide.projectView.impl.nodes.PsiDirectoryNode" />
+ </PATH_ELEMENT>
+ </PATH>
+ </subPane>
+ </pane>
+ </panes>
+ </component>
+ <component name="PropertiesComponent">
+ <property name="options.lastSelected"
value="preferences.sourceCode.General" />
+ <property name="options.splitter.main.proportions"
value="0.3" />
+ <property name="options.splitter.details.proportions"
value="0.2" />
+ <property name="options.searchVisible" value="true" />
+ <property name="LayoutCode.rearrangeEntriesPython"
value="false" />
+ <property name="last_opened_file_path" value="$PROJECT_DIR$"
/>
+ <property name="recentsLimit" value="5" />
+ <property name="FullScreen" value="false" />
+ </component>
+ <component name="PyConsoleOptionsProvider">
+ <option name="myPythonConsoleState">
+ <console-settings />
+ </option>
+ </component>
+ <component name="RunManager" selected="Python.cert">
+ <configuration default="false" name="drmtest"
type="PythonConfigurationType" factoryName="Python"
temporary="true">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs>
+ <env name="PYTHONUNBUFFERED" value="1" />
+ </envs>
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY"
value="$PROJECT_DIR$/base/kra/functional" />
+ <option name="IS_MODULE_SDK" value="true" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME"
value="$PROJECT_DIR$/base/kra/functional/drmtest.py" />
+ <option name="PARAMETERS" value="" />
+ <RunnerSettings RunnerId="PythonRunner" />
+ <ConfigurationWrapper RunnerId="PythonRunner" />
+ <method />
+ </configuration>
+ <configuration default="true" type="tests"
factoryName="py.test">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs />
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="CLASS_NAME" value="" />
+ <option name="METHOD_NAME" value="" />
+ <option name="FOLDER_NAME" value="" />
+ <option name="TEST_TYPE" value="TEST_SCRIPT" />
+ <option name="PATTERN" value="" />
+ <option name="USE_PATTERN" value="false" />
+ <option name="testToRun" value="" />
+ <option name="keywords" value="" />
+ <option name="params" value="" />
+ <option name="USE_PARAM" value="false" />
+ <option name="USE_KEYWORD" value="false" />
+ <method />
+ </configuration>
+ <configuration default="true" type="tests"
factoryName="Nosetests">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs />
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="CLASS_NAME" value="" />
+ <option name="METHOD_NAME" value="" />
+ <option name="FOLDER_NAME" value="" />
+ <option name="TEST_TYPE" value="TEST_SCRIPT" />
+ <option name="PATTERN" value="" />
+ <option name="USE_PATTERN" value="false" />
+ <option name="PARAMS" value="" />
+ <option name="USE_PARAM" value="false" />
+ <method />
+ </configuration>
+ <configuration default="true" type="PythonConfigurationType"
factoryName="Python">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs>
+ <env name="PYTHONUNBUFFERED" value="1" />
+ </envs>
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="PARAMETERS" value="" />
+ <method />
+ </configuration>
+ <configuration default="true" type="tests"
factoryName="Unittests">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs />
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="CLASS_NAME" value="" />
+ <option name="METHOD_NAME" value="" />
+ <option name="FOLDER_NAME" value="" />
+ <option name="TEST_TYPE" value="TEST_SCRIPT" />
+ <option name="PATTERN" value="" />
+ <option name="USE_PATTERN" value="false" />
+ <option name="PUREUNITTEST" value="true" />
+ <option name="PARAMS" value="" />
+ <option name="USE_PARAM" value="false" />
+ <method />
+ </configuration>
+ <configuration default="true" type="tests"
factoryName="Doctests">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs />
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="CLASS_NAME" value="" />
+ <option name="METHOD_NAME" value="" />
+ <option name="FOLDER_NAME" value="" />
+ <option name="TEST_TYPE" value="TEST_SCRIPT" />
+ <option name="PATTERN" value="" />
+ <option name="USE_PATTERN" value="false" />
+ <method />
+ </configuration>
+ <configuration default="true" type="tests"
factoryName="Attests">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs />
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY" value="" />
+ <option name="IS_MODULE_SDK" value="false" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME" value="" />
+ <option name="CLASS_NAME" value="" />
+ <option name="METHOD_NAME" value="" />
+ <option name="FOLDER_NAME" value="" />
+ <option name="TEST_TYPE" value="TEST_SCRIPT" />
+ <option name="PATTERN" value="" />
+ <option name="USE_PATTERN" value="false" />
+ <method />
+ </configuration>
+ <configuration default="false" name="cert"
type="PythonConfigurationType" factoryName="Python">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs>
+ <env name="PYTHONUNBUFFERED" value="1" />
+ </envs>
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY"
value="$PROJECT_DIR$/base/common/python/pki" />
+ <option name="IS_MODULE_SDK" value="true" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME"
value="$PROJECT_DIR$/base/common/python/pki/cert.py" />
+ <option name="PARAMETERS" value="" />
+ <RunnerSettings RunnerId="PythonRunner" />
+ <ConfigurationWrapper RunnerId="PythonRunner" />
+ <method />
+ </configuration>
+ <configuration default="false" name="profile"
type="PythonConfigurationType" factoryName="Python">
+ <option name="INTERPRETER_OPTIONS" value="" />
+ <option name="PARENT_ENVS" value="true" />
+ <envs>
+ <env name="PYTHONUNBUFFERED" value="1" />
+ </envs>
+ <option name="SDK_HOME" value="" />
+ <option name="WORKING_DIRECTORY"
value="$PROJECT_DIR$/base/common/python/pki" />
+ <option name="IS_MODULE_SDK" value="true" />
+ <option name="ADD_CONTENT_ROOTS" value="true" />
+ <option name="ADD_SOURCE_ROOTS" value="true" />
+ <module name="pki" />
+ <option name="SCRIPT_NAME"
value="$PROJECT_DIR$/base/common/python/pki/profile.py" />
+ <option name="PARAMETERS" value="" />
+ <RunnerSettings RunnerId="PythonRunner" />
+ <ConfigurationWrapper RunnerId="PythonRunner" />
+ <method />
+ </configuration>
+ <list size="3">
+ <item index="0" class="java.lang.String"
itemvalue="Python.cert" />
+ <item index="1" class="java.lang.String"
itemvalue="Python.profile" />
+ <item index="2" class="java.lang.String"
itemvalue="Python.drmtest" />
+ </list>
+ <recent_temporary>
+ <list size="1">
+ <item index="0" class="java.lang.String"
itemvalue="Python.drmtest" />
+ </list>
+ </recent_temporary>
+ </component>
+ <component name="ShelveChangesManager" show_recycled="false"
/>
+ <component name="SvnConfiguration" maxAnnotateRevisions="500"
myUseAcceleration="nothing" myAutoUpdateAfterCommit="false"
cleanupOnStartRun="false" SSL_PROTOCOLS="all">
+ <option name="USER" value="" />
+ <option name="PASSWORD" value="" />
+ <option name="mySSHConnectionTimeout" value="30000" />
+ <option name="mySSHReadTimeout" value="30000" />
+ <option name="LAST_MERGED_REVISION" />
+ <option name="MERGE_DRY_RUN" value="false" />
+ <option name="MERGE_DIFF_USE_ANCESTRY" value="true" />
+ <option name="UPDATE_LOCK_ON_DEMAND" value="false" />
+ <option name="IGNORE_SPACES_IN_MERGE" value="false" />
+ <option name="CHECK_NESTED_FOR_QUICK_MERGE" value="false"
/>
+ <option name="IGNORE_SPACES_IN_ANNOTATE" value="true" />
+ <option name="SHOW_MERGE_SOURCES_IN_ANNOTATE" value="true"
/>
+ <option name="FORCE_UPDATE" value="false" />
+ <option name="IGNORE_EXTERNALS" value="false" />
+ <myIsUseDefaultProxy>false</myIsUseDefaultProxy>
+ </component>
+ <component name="TaskManager">
+ <task active="true" id="Default" summary="Default
task">
+ <changelist id="c7272e4c-4c26-4a55-9c50-4b1b35d87164"
name="Default" comment="" />
+ <created>1399489373098</created>
+ <updated>1399489373098</updated>
+ </task>
+ <servers />
+ </component>
+ <component name="ToolWindowManager">
+ <frame x="0" y="0" width="1920"
height="1055" extended-state="0" />
+ <editor active="true" />
+ <layout>
+ <window_info id="Changes" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="7" side_tool="false"
content_ui="tabs" />
+ <window_info id="Terminal" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="10" side_tool="false"
content_ui="tabs" />
+ <window_info id="TODO" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="6" side_tool="false"
content_ui="tabs" />
+ <window_info id="Structure" active="false"
anchor="left" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.25"
sideWeight="0.5" order="1" side_tool="false"
content_ui="tabs" />
+ <window_info id="Project" active="false"
anchor="left" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="true" weight="0.18071012"
sideWeight="0.5" order="0" side_tool="false"
content_ui="combo" />
+ <window_info id="Debug" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.4"
sideWeight="0.5" order="3" side_tool="false"
content_ui="tabs" />
+ <window_info id="Favorites" active="false"
anchor="left" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="2" side_tool="true"
content_ui="tabs" />
+ <window_info id="Event Log" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.32911393"
sideWeight="0.5" order="8" side_tool="true"
content_ui="tabs" />
+ <window_info id="Run" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="true" weight="0.32826087"
sideWeight="0.5" order="2" side_tool="false"
content_ui="tabs" />
+ <window_info id="Version Control" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="9" side_tool="false"
content_ui="tabs" />
+ <window_info id="Cvs" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.25"
sideWeight="0.5" order="4" side_tool="false"
content_ui="tabs" />
+ <window_info id="Message" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.33"
sideWeight="0.5" order="0" side_tool="false"
content_ui="tabs" />
+ <window_info id="Ant Build" active="false"
anchor="right" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.25"
sideWeight="0.5" order="1" side_tool="false"
content_ui="tabs" />
+ <window_info id="Find" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.32911393"
sideWeight="0.5" order="1" side_tool="false"
content_ui="tabs" />
+ <window_info id="Commander" active="false"
anchor="right" auto_hide="false" internal_type="SLIDING"
type="SLIDING" visible="false" weight="0.4"
sideWeight="0.5" order="0" side_tool="false"
content_ui="tabs" />
+ <window_info id="Hierarchy" active="false"
anchor="right" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.25"
sideWeight="0.5" order="2" side_tool="false"
content_ui="combo" />
+ <window_info id="Inspection" active="false"
anchor="bottom" auto_hide="false" internal_type="DOCKED"
type="DOCKED" visible="false" weight="0.4"
sideWeight="0.5" order="5" side_tool="false"
content_ui="tabs" />
+ </layout>
+ </component>
+ <component name="Vcs.Log.UiProperties">
+ <option name="RECENTLY_FILTERED_USER_GROUPS">
+ <collection />
+ </option>
+ </component>
+ <component name="VcsContentAnnotationSettings">
+ <option name="myLimit" value="2678400000" />
+ </component>
+ <component name="VcsManagerConfiguration">
+ <option name="myTodoPanelSettings">
+ <TodoPanelSettings />
+ </option>
+ </component>
+ <component name="XDebuggerManager">
+ <breakpoint-manager />
+ </component>
+ <component name="editorHistoryManager">
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="71" column="11"
selection-start="2182" selection-end="2182"
vertical-scroll-proportion="0.0" vertical-offset="1065"
max-vertical-offset="5505" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="186" column="19"
selection-start="5179" selection-end="5332"
vertical-scroll-proportion="0.0" vertical-offset="12090"
max-vertical-offset="13005" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/kra/functional/drmtest.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="63" column="62"
selection-start="2479" selection-end="2479"
vertical-scroll-proportion="0.0" vertical-offset="945"
max-vertical-offset="3645" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="50"
selection-start="1722" selection-end="1722"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="795" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="94" column="0"
selection-start="2610" selection-end="2610"
vertical-scroll-proportion="0.0" vertical-offset="1210"
max-vertical-offset="3330">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/client.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="55" column="0"
selection-start="1874" selection-end="1874"
vertical-scroll-proportion="0.0" vertical-offset="825"
max-vertical-offset="1335" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/system.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="97" column="23"
selection-start="3204" selection-end="3204"
vertical-scroll-proportion="0.0" vertical-offset="1455"
max-vertical-offset="2175" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="71" column="11"
selection-start="2182" selection-end="2182"
vertical-scroll-proportion="0.0" vertical-offset="1065"
max-vertical-offset="5505" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="186" column="19"
selection-start="5179" selection-end="5332"
vertical-scroll-proportion="0.0" vertical-offset="12090"
max-vertical-offset="13005" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/kra/functional/drmtest.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="63" column="62"
selection-start="2479" selection-end="2479"
vertical-scroll-proportion="0.0" vertical-offset="945"
max-vertical-offset="3645" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="50"
selection-start="1722" selection-end="1722"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="795" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="189" column="0"
selection-start="6042" selection-end="6647"
vertical-scroll-proportion="0.0" vertical-offset="2635"
max-vertical-offset="8925">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/client.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="56" column="8"
selection-start="1883" selection-end="1883"
vertical-scroll-proportion="0.0" vertical-offset="840"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="0"
selection-start="965" selection-end="965"
vertical-scroll-proportion="0.0" vertical-offset="435"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="376" column="0"
selection-start="11538" selection-end="11538"
vertical-scroll-proportion="0.0" vertical-offset="0"
max-vertical-offset="5730" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="0" max-vertical-offset="12705" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="50"
selection-start="1722" selection-end="1722"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="795" />
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/json/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="164" column="8"
selection-start="6162" selection-end="6162"
vertical-scroll-proportion="0.0" vertical-offset="2155"
max-vertical-offset="6810" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="433" column="13"
selection-start="18082" selection-end="18082"
vertical-scroll-proportion="0.0" vertical-offset="60"
max-vertical-offset="7320">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="0"
selection-start="965" selection-end="965"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="376" column="0"
selection-start="11538" selection-end="11538"
vertical-scroll-proportion="0.0" vertical-offset="5640"
max-vertical-offset="5730" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="8820" max-vertical-offset="12705" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="410" column="0"
selection-start="17165" selection-end="17165"
vertical-scroll-proportion="0.0" vertical-offset="6285"
max-vertical-offset="7200">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="0"
selection-start="965" selection-end="965"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="376" column="0"
selection-start="11538" selection-end="11538"
vertical-scroll-proportion="0.0" vertical-offset="5640"
max-vertical-offset="5730" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="8820" max-vertical-offset="12705" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="410" column="0"
selection-start="17165" selection-end="17165"
vertical-scroll-proportion="0.0" vertical-offset="6582"
max-vertical-offset="7200">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="0"
selection-start="965" selection-end="965"
vertical-scroll-proportion="0.0" vertical-offset="570"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="376" column="0"
selection-start="11538" selection-end="11538"
vertical-scroll-proportion="0.0" vertical-offset="5640"
max-vertical-offset="5730" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="8820" max-vertical-offset="12705" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="186" column="40"
selection-start="6757" selection-end="6757"
vertical-scroll-proportion="0.0" vertical-offset="2790"
max-vertical-offset="6735">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python3.3/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="-0.75409836"
vertical-offset="690" max-vertical-offset="1605" />
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/json/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="164" column="8"
selection-start="6162" selection-end="6162"
vertical-scroll-proportion="0.33333334" vertical-offset="2155"
max-vertical-offset="6810" />
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/types.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="38" column="0"
selection-start="965" selection-end="965"
vertical-scroll-proportion="0.14754099" vertical-offset="435"
max-vertical-offset="1350" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/eq">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="78" column="17"
selection-start="3367" selection-end="3367"
vertical-scroll-proportion="0.3322034" vertical-offset="974"
max-vertical-offset="389175" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/kra/functional/drmtest.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="98" column="52"
selection-start="3798" selection-end="3798"
vertical-scroll-proportion="0.0" vertical-offset="945"
max-vertical-offset="3645" />
+ </provider>
+ </entry>
+ <entry
file="file:///usr/lib64/python2.7/site-packages/simplejson/decoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="392" column="0"
selection-start="14386" selection-end="14386"
vertical-scroll-proportion="0.8037383" vertical-offset="5375"
max-vertical-offset="5910" />
+ </provider>
+ </entry>
+ <entry file="file:///usr/lib64/python2.7/copy.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="144" column="4"
selection-start="3993" selection-end="3993"
vertical-scroll-proportion="-0.03382187" vertical-offset="2160"
max-vertical-offset="6555" />
+ </provider>
+ </entry>
+ <entry
file="file:///usr/lib/python2.7/site-packages/requests/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="0" max-vertical-offset="1020" />
+ </provider>
+ </entry>
+ <entry
file="file://$USER_HOME$/.PyCharm30/system/python_stubs/-1247972723/__builtin__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="659" column="6"
selection-start="21724" selection-end="21724"
vertical-scroll-proportion="-0.9447576" vertical-offset="10723"
max-vertical-offset="77265">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/system.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="12" column="0"
selection-start="517" selection-end="517"
vertical-scroll-proportion="-0.3697858" vertical-offset="508"
max-vertical-offset="1560" />
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/key.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="427" column="0"
selection-start="15300" selection-end="15300"
vertical-scroll-proportion="0.524239" vertical-offset="5865"
max-vertical-offset="12630" />
+ </provider>
+ </entry>
+ <entry
file="file:///usr/lib/python2.7/site-packages/pki/client.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="48" column="0"
selection-start="1562" selection-end="1562"
vertical-scroll-proportion="0.30665162" vertical-offset="448"
max-vertical-offset="1335" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/kraclient.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="0" max-vertical-offset="945" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/__init__.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="218" column="0"
selection-start="7097" selection-end="7097"
vertical-scroll-proportion="-0.03382187" vertical-offset="3270"
max-vertical-offset="5700" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/cryptoutil.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="0" column="0" selection-start="0"
selection-end="0" vertical-scroll-proportion="0.0"
vertical-offset="0" max-vertical-offset="4020" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/client.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="83" column="0"
selection-start="2671" selection-end="2671"
vertical-scroll-proportion="0.89853436" vertical-offset="448"
max-vertical-offset="1335" />
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/encoder.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="33" column="34"
selection-start="1482" selection-end="1482"
vertical-scroll-proportion="0.0" vertical-offset="495"
max-vertical-offset="810">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry file="file://$PROJECT_DIR$/base/common/python/pki/cert.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="1108" column="9"
selection-start="41945" selection-end="41945"
vertical-scroll-proportion="0.0" vertical-offset="16500"
max-vertical-offset="19335">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/account.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="22" column="0"
selection-start="803" selection-end="803"
vertical-scroll-proportion="0.5641026" vertical-offset="0"
max-vertical-offset="615">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ <entry
file="file://$PROJECT_DIR$/base/common/python/pki/profile.py">
+ <provider selected="true" editor-type-id="text-editor">
+ <state line="961" column="41"
selection-start="28774" selection-end="28774"
vertical-scroll-proportion="0.71965814" vertical-offset="13934"
max-vertical-offset="14880">
+ <folding />
+ </state>
+ </provider>
+ </entry>
+ </component>
+</project>
+
diff --git a/base/common/python/pki/account.py b/base/common/python/pki/account.py
index 1ab5b2ddb47804771d6cc89cd11f7f1d9b043856..0916ec7cccf25357b75161d08fea32626fdf9486
100644
--- a/base/common/python/pki/account.py
+++ b/base/common/python/pki/account.py
@@ -18,6 +18,7 @@
# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
#
+import pki
class AccountClient:
@@ -25,8 +26,10 @@ class AccountClient:
def __init__(self, connection):
self.connection = connection
+ @pki.handle_exceptions()
def login(self):
self.connection.get('/rest/account/login')
+ @pki.handle_exceptions()
def logout(self):
self.connection.get('/rest/account/logout')
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index b22307ad1b2c2456257dc9416208e6725234bf9c..c3ed435d1c395060690f8c15a5b83bfac34059f4
100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -14,16 +14,6 @@ import pki.encoder as encoder
import pki.profile as profile
-class CertId(object):
- """
- Class encapsulating a certificate serial number
- """
-
- def __init__(self, cert_id):
- """ Constructor """
- self.value = cert_id
-
-
class CertData(object):
"""
Class containing certificate data as returned from getCert()
@@ -43,6 +33,16 @@ class CertData(object):
self.nonce = None
self.link = None
+ def __repr__(self):
+ attributes = {
+ "CertData": {
+ "serial_number": self.serial_number,
+ "subject_dn": self.subject_dn,
+ "status": self.status
+ }
+ }
+ return str(attributes)
+
@classmethod
def from_json(cls, attr_list):
""" Return CertData object from JSON dict """
@@ -72,7 +72,7 @@ class CertDataInfo(object):
def __init__(self):
""" Constructor """
- self.cert_id = None
+ self.serial_number = None
self.subject_dn = None
self.status = None
self.type = None
@@ -85,11 +85,21 @@ class CertDataInfo(object):
self.issued_by = None
self.link = None
+ def __repr__(self):
+ obj = {
+ "CertDataInfo": {
+ 'serial_number': self.serial_number,
+ 'subject_dn': self.subject_dn,
+ 'type': self.type,
+ 'status': self.status
+ }}
+ return str(obj)
+
@classmethod
def from_json(cls, attr_list):
""" Return CertDataInfo object from JSON dict """
cert_data_info = cls()
- cert_data_info.cert_id = attr_list['id']
+ cert_data_info.serial_number = attr_list['id']
cert_data_info.subject_dn = attr_list['SubjectDN']
cert_data_info.status = attr_list['Status']
cert_data_info.type = attr_list['Type']
@@ -107,25 +117,31 @@ class CertDataInfo(object):
class CertDataInfoCollection(object):
"""
- Class containing list of CertDataInfo objects and their respective link objects.
+ Class containing list of CertDataInfo objects and their respective link
+ objects.
This data is returned when searching/listing certificate records in the CA.
"""
def __init__(self):
""" Constructor """
- self.cert_info_list = []
+ self.cert_data_info_list = []
self.links = []
+ def __iter__(self):
+ for cert_data_info in self.cert_data_info_list:
+ yield cert_data_info
+
@classmethod
def from_json(cls, json_value):
""" Populate object from JSON input """
ret = cls()
cert_infos = json_value['entries']
if not isinstance(cert_infos, types.ListType):
- ret.cert_info_list.append(CertDataInfo.from_json(cert_infos))
+ ret.cert_data_info_list.append(CertDataInfo.from_json(cert_infos))
else:
for cert_info in cert_infos:
- ret.cert_info_list.append(CertDataInfo.from_json(cert_info))
+ ret.cert_data_info_list.append(
+ CertDataInfo.from_json(cert_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -155,6 +171,17 @@ class CertRequestInfo(object):
self.cert_url = None
self.error_message = None
+ def __repr__(self):
+ obj = {
+ 'CertRequestInfo': {
+ 'request_id': self.request_id,
+ 'request_type': self.request_type,
+ 'request_status': self.request_status,
+ 'request_url': self.request_url
+ }
+ }
+ return str(obj)
+
@classmethod
def from_json(cls, attr_list):
cert_request_info = cls()
@@ -163,7 +190,8 @@ class CertRequestInfo(object):
cert_request_info.request_status = attr_list['requestStatus']
cert_request_info.operation_result = attr_list['operationResult']
cert_request_info.request_id = \
-
str(cert_request_info.request_url)[(str(cert_request_info.request_url).rfind("/")
+ 1):]
+ str(cert_request_info.request_url)[(str(
+ cert_request_info.request_url).rfind("/") + 1):]
#Optional parameters
if 'certId' in attr_list:
cert_request_info.cert_id = attr_list['certId']
@@ -184,19 +212,25 @@ class CertRequestInfoCollection(object):
"""
def __init__(self):
- self.cert_info_list = []
+ self.cert_request_info_list = []
self.links = []
+ def __iter__(self):
+ for cert_request_info in self.cert_request_info_list:
+ yield cert_request_info
+
@classmethod
def from_json(cls, json_value):
""" Populate object from JSON input """
ret = cls()
cert_req_infos = json_value['entries']
if not isinstance(cert_req_infos, types.ListType):
- ret.cert_info_list.append(CertRequestInfo.from_json(cert_req_infos))
+ ret.cert_request_info_list.append(
+ CertRequestInfo.from_json(cert_req_infos))
else:
for cert_info in cert_req_infos:
- ret.cert_info_list.append(CertRequestInfo.from_json(cert_info))
+ ret.cert_request_info_list.append(
+ CertRequestInfo.from_json(cert_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -215,18 +249,28 @@ class CertSearchRequest(object):
"""
search_params = {'serial_to': 'serialTo', 'serial_from':
'serialFrom',
- 'email': 'eMail', 'common_name':
'commonName', 'user_id': 'userID',
- 'org_unit': 'orgUnit', 'org':
'org', 'locality': 'locality',
- 'state': 'state', 'country':
'country', 'match_exactly': 'matchExactly',
- 'status': 'status', 'revoked_by':
'revokedBy', 'revoked_on_from': 'revokedOnFrom',
- 'revoked_on_to': 'revokedOnTo',
'revocation_reason': 'revocationReason',
- 'issued_by': 'issuedBy', 'issued_on_from':
'issuedOnFrom', 'issued_on_to': 'issuedOnTo',
- 'valid_not_before_from': 'validNotBeforeFrom',
'valid_not_before_to': 'validNotBeforeTo',
- 'valid_not_after_from': 'validNotAfterFrom',
'valid_not_after_to': 'validNotAfterTo',
- 'validity_operation': 'validityOperation',
'validity_count': 'validityCount',
- 'validity_unit': 'validityUnit',
'cert_type_sub_email_ca': 'certTypeSubEmailCA',
- 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
'cert_type_secure_email': 'certTypeSecureEmail',
- 'cert_type_ssl_client': 'certTypeSSLClient',
'cert_type_ssl_server': 'certTypeSSLServer'}
+ 'email': 'eMail', 'common_name':
'commonName',
+ 'user_id': 'userID', 'org_unit':
'orgUnit', 'org': 'org',
+ 'locality': 'locality', 'state':
'state',
+ 'country': 'country', 'match_exactly':
'matchExactly',
+ 'status': 'status', 'revoked_by':
'revokedBy',
+ 'revoked_on_from': 'revokedOnFrom',
+ 'revoked_on_to': 'revokedOnTo',
+ 'revocation_reason': 'revocationReason',
+ 'issued_by': 'issuedBy', 'issued_on_from':
'issuedOnFrom',
+ 'issued_on_to': 'issuedOnTo',
+ 'valid_not_before_from': 'validNotBeforeFrom',
+ 'valid_not_before_to': 'validNotBeforeTo',
+ 'valid_not_after_from': 'validNotAfterFrom',
+ 'valid_not_after_to': 'validNotAfterTo',
+ 'validity_operation': 'validityOperation',
+ 'validity_count': 'validityCount',
+ 'validity_unit': 'validityUnit',
+ 'cert_type_sub_email_ca': 'certTypeSubEmailCA',
+ 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
+ 'cert_type_secure_email': 'certTypeSecureEmail',
+ 'cert_type_ssl_client': 'certTypeSSLClient',
+ 'cert_type_ssl_server': 'certTypeSSLServer'}
def __init__(self, **cert_search_params):
""" Constructor """
@@ -234,59 +278,64 @@ class CertSearchRequest(object):
if len(cert_search_params) == 0:
setattr(self, 'serialNumberRangeInUse', True)
- for param in cert_search_params:
+ for param, value in cert_search_params.viewitems():
if not param in CertSearchRequest.search_params:
raise ValueError('Invalid search parameter: ' + param)
- if param == 'serial_to' or param == 'serial_from':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'serial_to', 'serial_from'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'serialNumberRangeInUse', True)
- if param == 'email' or param == 'common_name' or param ==
'user_id' or param == 'org_unit' \
- or param == 'org' or param == 'locality' or param ==
'state' or param == 'country' \
- or param == 'match_exactly':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'email', 'common_name', 'user_id',
'org_unit', 'org',
+ 'locality', 'state', 'country',
'match_exactly'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'subjectInUse', True)
if param == 'status':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
if param == 'revoked_by':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revokedByInUse', True)
- if param == 'revoked_on_from' or param == 'revoked_on_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'revoked_on_from', 'revoked_on_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revokedOnInUse', True)
if param == 'revocation_reason':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revocationReasonInUse', True)
if param == 'issued_by':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'issuedByInUse', True)
- if param == 'issued_on_from' or param == 'issued_on_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'issued_on_from', 'issued_on_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'issuedOnInUse', True)
- if param == 'valid_not_before_from' or param ==
'valid_not_before_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'valid_not_before_from',
'valid_not_before_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validNotBeforeInUse', True)
- if param == 'valid_not_after_from' or param ==
'valid_not_after_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'valid_not_after_from', 'valid_not_after_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validNotAfterInUse', True)
- if param == 'validity_operation' or param ==
'validity_count' or param == 'validity_unit':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'validity_operation', 'validity_count',
'validity_unit'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validityLengthInUse', True)
- if param == 'cert_type_sub_email_ca' or param ==
'cert_type_sub_ssl_ca' \
- or param == 'cert_type_secure_email' or param ==
'cert_type_ssl_client' \
- or param == 'cert_type_ssl_server':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',
+ 'cert_type_secure_email', 'cert_type_ssl_client',
+ 'cert_type_ssl_server'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'certTypeInUse', True)
@@ -309,9 +358,25 @@ class CertRevokeRequest(object):
def __init__(self, nonce, reason=None, invalidity_date=None, comments=None):
""" Constructor """
+
setattr(self, "Nonce", nonce)
+
if reason is None:
reason = self.REASON_UNSPECIFIED
+ else:
+ if reason not in {
+ CertRevokeRequest.REASON_AA_COMPROMISE,
+ CertRevokeRequest.REASON_AFFILIATION_CHANGED,
+ CertRevokeRequest.REASON_CA_COMPROMISE,
+ CertRevokeRequest.REASON_CERTIFICATE_HOLD,
+ CertRevokeRequest.REASON_CESSATION_OF_OPERATION,
+ CertRevokeRequest.REASON_KEY_COMPROMISE,
+ CertRevokeRequest.REASON_PRIVILEGE_WITHDRAWN,
+ CertRevokeRequest.REASON_REMOVE_FROM_CRL,
+ CertRevokeRequest.REASON_SUPERSEDED,
+ CertRevokeRequest.REASON_UNSPECIFIED
+ }:
+ raise ValueError('Invalid revocation reason specified.')
setattr(self, "Reason", reason)
if invalidity_date is not None:
setattr(self, "InvalidityDate", invalidity_date)
@@ -321,11 +386,13 @@ class CertRevokeRequest(object):
class CertEnrollmentRequest(object):
"""
- This class encapsulates the parameters required for a certificate enrollment
request.
+ This class encapsulates the parameters required for a certificate
+ enrollment request.
"""
- def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
- inputs=None, outputs=None):
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
+ remote_host=None, remote_address=None, inputs=None,
+ outputs=None):
""" Constructor """
self.profile_id = profile_id
self.renewal = renewal
@@ -443,14 +510,17 @@ class CertEnrollmentRequest(object):
enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
else:
for profile_input in inputs:
-
enroll_request.inputs.append(profile.ProfileInput.from_json(profile_input))
+ enroll_request.inputs.append(
+ profile.ProfileInput.from_json(profile_input))
outputs = json_value['Output']
if not isinstance(outputs, types.ListType):
- enroll_request.outputs.append(profile.ProfileOutput.from_json(outputs))
+ enroll_request.outputs.append(
+ profile.ProfileOutput.from_json(outputs))
else:
for profile_output in outputs:
-
enroll_request.outputs.append(profile.ProfileOutput.from_json(profile_output))
+ enroll_request.outputs.append(
+ profile.ProfileOutput.from_json(profile_output))
return enroll_request
@@ -462,14 +532,21 @@ class CertReviewResponse(CertEnrollmentRequest):
It contains a nonce required to perform action on the request.
"""
- def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
- inputs=None, outputs=None, nonce=None, request_id=None,
request_type=None, request_status=None,
- request_owner=None, request_creation_time=None,
request_modification_time=None, request_notes=None,
- profile_approval_by=None, profile_set_id=None, profile_is_visible=None,
profile_name=None,
- profile_description=None, profile_remote_host=None,
profile_remote_address=None, policy_sets=None):
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
+ remote_host=None, remote_address=None, inputs=None,
+ outputs=None, nonce=None, request_id=None, request_type=None,
+ request_status=None, request_owner=None,
+ request_creation_time=None, request_modification_time=None,
+ request_notes=None, profile_approval_by=None,
+ profile_set_id=None, profile_is_visible=None,
+ profile_name=None, profile_description=None,
+ profile_remote_host=None, profile_remote_address=None,
+ policy_sets=None):
- super(CertReviewResponse, self).__init__(profile_id, renewal, serial_number,
remote_host,
- remote_address, inputs, outputs)
+ super(CertReviewResponse, self).__init__(profile_id, renewal,
+ serial_number, remote_host,
+ remote_address, inputs,
+ outputs)
self.nonce = nonce
self.request_id = request_id
self.request_type = request_type
@@ -622,8 +699,10 @@ class CertReviewResponse(CertEnrollmentRequest):
review_response.request_type = json_value['requestType']
review_response.request_status = json_value['requestStatus']
review_response.request_owner = json_value['requestOwner']
- review_response.request_creation_time =
json_value['requestCreationTime']
- review_response.request_modification_time =
json_value['requestModificationTime']
+ review_response.request_creation_time = \
+ json_value['requestCreationTime']
+ review_response.request_modification_time = \
+ json_value['requestModificationTime']
review_response.request_notes = json_value['requestNotes']
review_response.profile_approved_by = json_value['profileApprovedBy']
review_response.profile_set_id = json_value['profileSetId']
@@ -635,18 +714,20 @@ class CertReviewResponse(CertEnrollmentRequest):
profile_policy_sets = json_value['ProfilePolicySet']
if not isinstance(profile_policy_sets, types.ListType):
-
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(profile_policy_sets))
+ review_response.policy_sets.append(
+ profile.ProfilePolicySet.from_json(profile_policy_sets))
else:
for policy_set in profile_policy_sets:
-
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(policy_set))
+ review_response.policy_sets.append(
+ profile.ProfilePolicySet.from_json(policy_set))
return review_response
class CertClient(object):
"""
- Class encapsulating and mirroring the functionality in the CertResource Java
interface class
- defining the REST API for Certificate resources.
+ Class encapsulating and mirroring the functionality in the CertResource
+ Java interface class defining the REST API for Certificate resources.
"""
def __init__(self, connection):
@@ -661,101 +742,123 @@ class CertClient(object):
self.enrollment_templates = {}
@pki.handle_exceptions()
- def get_cert(self, cert_id):
+ def get_cert(self, cert_serial_number):
""" Return a CertData object for a particular certificate.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.cert_url + '/' + str(cert_id)
+ url = self.cert_url + '/' + str(cert_serial_number)
r = self.connection.get(url, self.headers)
return CertData.from_json(r.json())
@pki.handle_exceptions()
- def list_certs(self, max_results=None, max_time=None, start=None, size=None,
**cert_search_params):
- """ Return a CertDataInfoCollection object with a information
about all the
- certificates that satisfy the search criteria.
+ def list_certs(self, max_results=None, max_time=None, start=None, size=None,
+ **cert_search_params):
+ """ Return a CertDataInfoCollection object with a information
about all
+ the certificates that satisfy the search criteria.
If cert_search_request=None, returns all the certificates.
"""
url = self.cert_url + '/search'
- query_params = {"maxResults": max_results, "maxTime":
max_time, "start": start, "size": size}
+ query_params = {"maxResults": max_results, "maxTime":
max_time,
+ "start": start, "size": size}
cert_search_request = CertSearchRequest(**cert_search_params)
- search_request = json.dumps(cert_search_request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
- response = self.connection.post(url, search_request, self.headers,
query_params)
+ search_request = json.dumps(cert_search_request,
+ cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
+ response = self.connection.post(url, search_request, self.headers,
+ query_params)
return CertDataInfoCollection.from_json(response.json())
@pki.handle_exceptions()
- def review_cert(self, cert_id):
+ def review_cert(self, cert_serial_number):
""" Reviews a certificate. Returns a CertData object with a
nonce.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.agent_cert_url + '/' + str(cert_id)
+ url = self.agent_cert_url + '/' + str(cert_serial_number)
r = self.connection.get(url, self.headers)
return CertData.from_json(r.json())
- def _submit_revoke_request(self, url, cert_id, revocation_reason=None,
invalidity_date=None, comments=None,
- nonce=None):
+ def _submit_revoke_request(self, url, cert_serial_number,
+ revocation_reason=None, invalidity_date=None,
+ comments=None, nonce=None):
"""
Submits a certificate revocation request.
Expects the URL for submitting the request.
Creates a CertRevokeRequest object using the arguments provided.
- If nonce is passed as an argument, reviews the cert to get a nonce from the
server
- and passes it in the request.
+ If nonce is passed as an argument, reviews the cert to get a nonce
+ from the server and passes it in the request.
Returns a CertRequestInfo object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
if url is None:
raise ValueError("URL not specified")
if nonce is None:
- cert_data = self.review_cert(cert_id)
+ cert_data = self.review_cert(cert_serial_number)
nonce = cert_data.nonce
- request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
comments)
- revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
+ request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
+ comments)
+ revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
r = self.connection.post(url, revoke_request, headers=self.headers)
return CertRequestInfo.from_json(r.json())
@pki.handle_exceptions()
- def revoke_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
+ def revoke_cert(self, cert_serial_number, revocation_reason=None,
+ invalidity_date=None, comments=None, nonce=None):
""" Revokes a certificate.
Returns a CertRequestInfo object with information about the request.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- url = self.agent_cert_url + '/' + str(cert_id) + '/revoke'
- return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke'
+ return self._submit_revoke_request(url, cert_serial_number,
+ revocation_reason, invalidity_date,
+ comments, nonce)
@pki.handle_exceptions()
- def revoke_ca_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
+ def revoke_ca_cert(self, cert_serial_number, revocation_reason=None,
+ invalidity_date=None, comments=None, nonce=None):
""" Revokes a CA certificate.
Returns a CertRequestInfo object with information about the request.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- url = self.agent_cert_url + '/' + str(cert_id) + '/revoke-ca'
- return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke-ca'
+ return self._submit_revoke_request(url, cert_serial_number,
+ revocation_reason, invalidity_date,
+ comments, nonce)
@pki.handle_exceptions()
- def hold_cert(self, cert_id, comments=None):
+ def hold_cert(self, cert_serial_number, comments=None):
""" Places a certificate on-hold.
- Calls the revoke_cert method with reason -
CertRevokeRequest.REASON_CERTIFICATE_HOLD.
+ Calls the revoke_cert method with reason -
+ CertRevokeRequest.REASON_CERTIFICATE_HOLD.
Returns a CertRequestInfo object.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- return self.revoke_cert(cert_id, CertRevokeRequest.REASON_CERTIFICATE_HOLD,
comments=comments)
+ return self.revoke_cert(cert_serial_number,
+ CertRevokeRequest.REASON_CERTIFICATE_HOLD,
+ comments=comments)
@pki.handle_exceptions()
- def unrevoke_cert(self, cert_id):
+ def unrevoke_cert(self, cert_serial_number):
""" Un-revokes a revoked certificate.
Returns a CertRequestInfo object.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.agent_cert_url + '/' + str(cert_id) + '/unrevoke'
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/unrevoke'
r = self.connection.post(url, None, headers=self.headers)
return CertRequestInfo.from_json(r.json())
@@ -774,8 +877,9 @@ class CertClient(object):
return CertRequestInfo.from_json(r.json())
@pki.handle_exceptions()
- def list_requests(self, request_status=None, request_type=None,
from_request_id=None, size=None,
- max_results=None, max_time=None):
+ def list_requests(self, request_status=None, request_type=None,
+ from_request_id=None, size=None, max_results=None,
+ max_time=None):
"""
Query for a list of certificates using the arguments passed.
Returns a CertRequestInfoCollection object.
@@ -789,7 +893,8 @@ class CertClient(object):
'maxResults': max_results,
'maxTime': max_time
}
- r = self.connection.get(self.agent_cert_requests_url, self.headers,
query_params)
+ r = self.connection.get(self.agent_cert_requests_url, self.headers,
+ query_params)
return CertRequestInfoCollection.from_json(r.json())
@pki.handle_exceptions()
@@ -819,15 +924,17 @@ class CertClient(object):
cert_review_response = self.review_request(request_id)
url = self.agent_cert_requests_url + '/' + request_id + '/' +
action
- review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder, sort_keys=True)
+ review_response = json.dumps(cert_review_response,
+ cls=encoder. CustomTypeEncoder,
+ sort_keys=True)
r = self.connection.post(url, review_response, headers=self.headers)
return r
def approve_request(self, request_id, cert_review_response=None):
"""
Approves a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response,
'approve')
@@ -835,8 +942,8 @@ class CertClient(object):
def cancel_request(self, request_id, cert_review_response=None):
"""
Cancels a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'cancel')
@@ -844,8 +951,8 @@ class CertClient(object):
def reject_request(self, request_id, cert_review_response=None):
"""
Rejects a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'reject')
@@ -853,17 +960,18 @@ class CertClient(object):
def validate_request(self, request_id, cert_review_response):
"""
Validates a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
- return self._perform_action(request_id, cert_review_response,
'validate')
+ return self._perform_action(request_id, cert_review_response,
+ 'validate')
def update_request(self, request_id, cert_review_response):
"""
Updates a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'update')
@@ -871,8 +979,8 @@ class CertClient(object):
def assign_request(self, request_id, cert_review_response):
"""
Assigns a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'assign')
@@ -880,17 +988,19 @@ class CertClient(object):
def unassign_request(self, request_id, cert_review_response):
"""
Un-assigns a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
- return self._perform_action(request_id, cert_review_response,
'unassign')
+ return self._perform_action(request_id, cert_review_response,
+ 'unassign')
@pki.handle_exceptions()
def list_enrollment_templates(self, start=None, size=None):
"""
Gets the list of profile templates supported by the CA.
- The values for start and size arguments determine the starting point and the
length of the list.
+ The values for start and size arguments determine the starting point and
+ the length of the list.
Returns a ProfileDataInfoCollection object.
"""
@@ -900,7 +1010,6 @@ class CertClient(object):
'size': size
}
r = self.connection.get(url, self.headers, query_params)
- print r
return profile.ProfileDataInfoCollection.from_json(r.json())
@pki.handle_exceptions()
@@ -908,10 +1017,13 @@ class CertClient(object):
"""
Fetch the enrollment template for the given profile id.
For the first time, the request is sent to the server.
- The retrieved CertEnrollmentRequest object is then cached locally for future
requests.
+ The retrieved CertEnrollmentRequest object is then cached locally for
+ future requests.
Returns a CerEnrollmentRequest object.
"""
+ if profile_id is None:
+ raise ValueError("Profile ID must be specified.")
if profile_id in self.enrollment_templates:
return copy.deepcopy(self.enrollment_templates[profile_id])
url = self.cert_requests_url + '/profiles/' + str(profile_id)
@@ -927,8 +1039,10 @@ class CertClient(object):
def create_enrollment_request(self, profile_id, inputs):
"""
Fetches the enrollment request object for the given profile and
- sets values to its attributes using the values provided in the inputs
dictionary.
- Returns the CertEnrollmentRequest object, which can be submitted to enroll a
certificate.
+ sets values to its attributes using the values provided in the inputs
+ dictionary.
+ Returns the CertEnrollmentRequest object, which can be submitted to
+ enroll a certificate.
"""
if inputs is None or len(inputs) == 0:
raise ValueError("No inputs provided.")
@@ -945,42 +1059,48 @@ class CertClient(object):
def submit_enrollment_request(self, enrollment_request):
"""
Submits the CertEnrollmentRequest object to the server.
- Returns a CertRequestInfoCollection object with information about the
certificate requests
- enrolled at the CA.
+ Returns a CertRequestInfoCollection object with information about the
+ certificate requests enrolled at the CA.
"""
- request_object = json.dumps(enrollment_request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
- r = self.connection.post(self.cert_requests_url, request_object, self.headers)
+ request_object = json.dumps(enrollment_request,
+ cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
+ r = self.connection.post(self.cert_requests_url, request_object,
+ self.headers)
return CertRequestInfoCollection.from_json(r.json())
@pki.handle_exceptions()
def enroll_cert(self, profile_id, inputs):
"""
A convenience method for enrolling a certificate for a given profile id.
- The inputs parameter should be a dictionary with values for the profile
attributes
- for an enrollment request.
+ The inputs parameter should be a dictionary with values for the profile
+ attributes for an enrollment request.
- Calling this method with valid arguments, creates an enrollment request, submits
it
- to the server, approves the certificate requests generated for the enrollment
and
- returns a list of CertData objects for all the certificates generated as part of
this
- enrollment.
+ Calling this method with valid arguments, creates an enrollment request,
+ submits it to the server, approves the certificate requests generated
+ for the enrollment and returns a list of CertData objects for all the
+ certificates generated as part of this enrollment.
- Note: This method supports only certificate enrollment where only one agent
approval
- is sufficient.
+ Note: This method supports only certificate enrollment where only one
+ agent approval is sufficient.
Requires an agent level authentication.
+ Returns a list of CertData objects.
"""
- # Create a CertEnrollmentRequest object using the inputs for the given profile
id.
+ # Create a CertEnrollmentRequest object using the inputs for the given
+ # profile id.
enroll_request = self.create_enrollment_request(profile_id, inputs)
# Submit the enrollment request
cert_request_infos = self.submit_enrollment_request(enroll_request)
# Approve the requests generated for the certificate enrollment.
- # Fetch the CertData objects for all the certificates created and return to the
caller.
+ # Fetch the CertData objects for all the certificates created and
+ # return to the caller.
certificates = []
- for cert_request_info in cert_request_infos.cert_info_list:
+ for cert_request_info in cert_request_infos.cert_request_info_list:
request_id = cert_request_info.request_id
self.approve_request(request_id)
cert_id = self.get_request(request_id).cert_id
@@ -1010,7 +1130,8 @@ def main():
# Create a PKIConnection object that stores the details of the CA.
connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
- # The pem file used for authentication. Created from a p12 file using the command -
+ # The pem file used for authentication. Created from a p12 file using the
+ # command -
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
@@ -1025,13 +1146,19 @@ def main():
inputs = dict()
inputs['cert_request_type'] = 'crmf'
- inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgNVBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQAD"
\
-
"gY0AMIGJAoGBAK/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9UuIhGfXOtxy5vRetmDHE"
\
-
"9u0AopmuJbr1rL17/tSnDakpkE9umQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0eCy2a"
\
-
"a4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJl"
\
-
"Z1Rva2VuMBoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkqhkiG9w0BAQUFAAOBgQCuywnr"
\
-
"Dk/wGwfbguw9oVs9gzFQwM4zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6ZmDd8WpPJ+"
\
-
"MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REhJw=="
+ inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgN" \
+ "VBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK"
\
+ "/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9U"
\
+ "uIhGfXOtxy5vRetmDHE9u0AopmuJbr1rL17/tSnDakpkE9u"
\
+ "mQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0"
\
+ "eCy2aa4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ"
\
+ "8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJlZ1Rva2VuM"
\
+ "BoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkq"
\
+ "hkiG9w0BAQUFAAOBgQCuywnrDk/wGwfbguw9oVs9gzFQwM4"
\
+ "zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6"
\
+ "ZmDd8WpPJ+MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm"
\
+ "7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REh"
\
+ "Jw=="
inputs['sn_uid'] = 'test12345'
inputs['sn_e'] = 'example(a)redhat.com'
inputs['sn_cn'] = 'TestUser'
@@ -1053,13 +1180,18 @@ def main():
inputs = dict()
inputs['cert_request_type'] = 'pkcs10'
- inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwE"
\
-
"wYDVQQKDAxSZWQgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY"
\
-
"0AMIGJAoGBAMJpWz92dSYCvWxllrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69jQMTLZMa8"
\
-
"FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJmcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8y"
\
-
"HwV0eBx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBvkxAGKwkfK3TKwLc5Mg0IWp8zG"
\
-
"RVwxdIlghAL8DugNocCNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5Uje2K/+6tW2ZTGrb"
\
-
"izs7CNOTMzA/9H8CkHb4H9P/qRT275zHIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
+ inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAg" \
+ "MAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwEwYDVQQKDAxSZW"
\
+ "QgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wD"
\
+ "QYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJpWz92dSYCvWxl"
\
+ "lrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69j"
\
+ "QMTLZMa8FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJ"
\
+ "mcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8yHwV0e"
\
+ "Bx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB"
\
+ "gQBvkxAGKwkfK3TKwLc5Mg0IWp8zGRVwxdIlghAL8DugNoc"
\
+ "CNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5"
\
+ "Uje2K/+6tW2ZTGrbizs7CNOTMzA/9H8CkHb4H9P/qRT275z"
\
+ "HIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
inputs['requestor_name'] = 'Tester'
inputs['requestor_email'] = 'example(a)redhat.com'
@@ -1080,8 +1212,8 @@ def main():
search_params = {'status': 'VALID'}
cert_data_list = cert_client.list_certs(**search_params)
- for cert_data_info in cert_data_list.cert_info_list:
- print("Serial Number: " + cert_data_info.cert_id)
+ for cert_data_info in cert_data_list:
+ print("Serial Number: " + cert_data_info.serial_number)
print("Subject DN: " + cert_data_info.subject_dn)
print("Status: " + cert_data_info.status)
print
@@ -1099,7 +1231,8 @@ def main():
# Certificate Serial Number used for CertClient methods.
# 7, 0x7 and '0x7' are also valid values
- # Following examples use the serial number of the user certificate enrolled before.
+ # Following examples use the serial number of the user certificate enrolled
+ # before.
cert_id = cert_data_infos[0].serial_number
#Get certificate data
@@ -1136,9 +1269,8 @@ def main():
print('Revoking a certificate')
print('----------------------')
- cert_request_info = cert_client.revoke_cert(cert_data.serial_number,
-
revocation_reason=CertRevokeRequest.REASON_CERTIFICATE_HOLD,
- comments="Test revoking a
cert", nonce=cert_data.nonce)
+ cert_request_info = cert_client.hold_cert(cert_data.serial_number,
+ comments="Test revoking a
cert")
print('Request ID: ' + cert_request_info.request_id)
print('Request Type: ' + cert_request_info.request_type)
print('Request Status: ' + cert_request_info.request_status)
diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
index 83cd8bcca0d9ad3841b0b6b74e2aa4a6724e5bbc..0f2b4e3106260807433bf870706a6334d62c637c
100644
--- a/base/common/python/pki/profile.py
+++ b/base/common/python/pki/profile.py
@@ -20,6 +20,17 @@ class ProfileDataInfo(object):
self.profile_description = None
self.profile_url = None
+ def __repr__(self):
+ attributes = {
+ "ProfileDataInfo": {
+ 'profile_id': self.profile_id,
+ 'name': self.profile_name,
+ 'description': self.profile_description,
+ 'url': self.profile_url
+ }
+ }
+ return str(attributes)
+
@classmethod
def from_json(cls, attr_list):
profile_data_info = cls()
@@ -41,15 +52,21 @@ class ProfileDataInfoCollection(object):
self.profile_data_list = []
self.links = []
+ def __iter__(self):
+ for profile_data_info in self.profile_data_list:
+ yield profile_data_info
+
@classmethod
def from_json(cls, json_value):
ret = cls()
profile_data_infos = json_value['entries']
if not isinstance(profile_data_infos, types.ListType):
- ret.profile_data_list.append(ProfileDataInfo.from_json(profile_data_infos))
+ ret.profile_data_list.append(
+ ProfileDataInfo.from_json(profile_data_infos))
else:
for profile_info in profile_data_infos:
- ret.profile_data_list.append(ProfileDataInfo.from_json(profile_info))
+ ret.profile_data_list.append(
+ ProfileDataInfo.from_json(profile_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -64,10 +81,12 @@ class ProfileDataInfoCollection(object):
class Descriptor(object):
"""
This class represents the description of a ProfileAttribute.
- It stores information such as the syntax, constraint and default value of a profile
attribute.
+ It stores information such as the syntax, constraint and default value of
+ a profile attribute.
"""
- def __init__(self, syntax=None, constraint=None, description=None,
default_value=None):
+ def __init__(self, syntax=None, constraint=None, description=None,
+ default_value=None):
self.syntax = syntax
self.constraint = constraint
self.description = description
@@ -158,8 +177,8 @@ class ProfileInput(object):
Ex. Subject name, Requestor Information etc.
"""
- def __init__(self, profile_input_id=None, class_id=None, name=None, text=None,
attributes=None,
- config_attributes=None):
+ def __init__(self, profile_input_id=None, class_id=None, name=None,
+ text=None, attributes=None, config_attributes=None):
self.profile_input_id = profile_input_id
self.class_id = class_id
@@ -261,17 +280,21 @@ class ProfileInput(object):
attributes = json_value['Attribute']
if not isinstance(attributes, types.ListType):
- profile_input.attributes.append(ProfileAttribute.from_json(attributes))
+ profile_input.attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for profile_info in attributes:
-
profile_input.attributes.append(ProfileAttribute.from_json(profile_info))
+ profile_input.attributes.append(
+ ProfileAttribute.from_json(profile_info))
config_attributes = json_value['ConfigAttribute']
if not isinstance(config_attributes, types.ListType):
-
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attributes))
+ profile_input.config_attributes.append(
+ ProfileAttribute.from_json(config_attributes))
else:
for config_attribute in config_attributes:
-
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attribute))
+ profile_input.config_attributes.append(
+ ProfileAttribute.from_json(config_attribute))
return profile_input
@@ -282,7 +305,8 @@ class ProfileOutput(object):
using a profile.
"""
- def __init__(self, profile_output_id=None, name=None, text=None, class_id=None,
attributes=None):
+ def __init__(self, profile_output_id=None, name=None, text=None,
+ class_id=None, attributes=None):
self.profile_output_id = profile_output_id
self.name = name
self.text = text
@@ -332,10 +356,12 @@ class ProfileOutput(object):
profile_output.class_id = json_value['classId']
attributes = json_value['attributes']
if not isinstance(attributes, types.ListType):
- profile_output.attributes.append(ProfileAttribute.from_json(attributes))
+ profile_output.attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for profile_info in attributes:
-
profile_output.attributes.append(ProfileAttribute.from_json(profile_info))
+ profile_output.attributes.append(
+ ProfileAttribute.from_json(profile_info))
return profile_output
@@ -355,10 +381,12 @@ class ProfileParameter(object):
class PolicyDefault(object):
"""
- An object of this class contains information of the default usage of a specific
ProfileInput.
+ An object of this class contains information of the default usage of a
+ specific ProfileInput.
"""
- def __init__(self, name=None, class_id=None, description=None,
policy_attributes=None, policy_params=None):
+ def __init__(self, name=None, class_id=None, description=None,
+ policy_attributes=None, policy_params=None):
self.name = name
self.class_id = class_id
self.description = description
@@ -415,18 +443,22 @@ class PolicyDefault(object):
if 'policyAttribute' in json_value:
attributes = json_value['policyAttribute']
if not isinstance(attributes, types.ListType):
-
policy_def.policy_attributes.append(ProfileAttribute.from_json(attributes))
+ policy_def.policy_attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for attr in attributes:
-
policy_def.policy_attributes.append(ProfileAttribute.from_json(attr))
+ policy_def.policy_attributes.append(
+ ProfileAttribute.from_json(attr))
if 'params' in json_value:
params = json_value['params']
if not isinstance(params, types.ListType):
- policy_def.policy_params.append(ProfileParameter.from_json(params))
+ policy_def.policy_params.append(
+ ProfileParameter.from_json(params))
else:
for param in params:
- policy_def.policy_params.append(ProfileParameter.from_json(param))
+ policy_def.policy_params.append(
+ ProfileParameter.from_json(param))
return policy_def
@@ -460,11 +492,12 @@ class PolicyConstraintValue(object):
class PolicyConstraint(object):
"""
- An object of this class contains the policy constraints applied to a ProfileInput
- used by a certificate enrollment request.
+ An object of this class contains the policy constraints applied to a
+ ProfileInput used by a certificate enrollment request.
"""
- def __init__(self, name=None, description=None, class_id=None,
policy_constraint_values=None):
+ def __init__(self, name=None, description=None, class_id=None,
+ policy_constraint_values=None):
self.name = name
self.description = description
self.class_id = class_id
@@ -509,10 +542,12 @@ class PolicyConstraint(object):
if 'constraint' in json_value:
constraints = json_value['constraint']
if not isinstance(constraints, types.ListType):
-
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraints))
+ policy_constraint.policy_constraint_values.append(
+ PolicyConstraintValue.from_json(constraints))
else:
for constraint in constraints:
-
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraint))
+ policy_constraint.policy_constraint_values.append(
+ PolicyConstraintValue.from_json(constraint))
return policy_constraint
@@ -520,11 +555,13 @@ class PolicyConstraint(object):
class ProfilePolicy(object):
"""
This class represents the policy a profile adheres to.
- An object of this class stores the default values for profile and the constraints
present on the
- values of the attributes of the profile submitted for an enrollment request.
+ An object of this class stores the default values for profile and the
+ constraints present on the values of the attributes of the profile submitted
+ for an enrollment request.
"""
- def __init__(self, policy_id=None, policy_default=None, policy_constraint=None):
+ def __init__(self, policy_id=None, policy_default=None,
+ policy_constraint=None):
self.policy_id = policy_id
self.policy_default = policy_default
self.policy_constraint = policy_constraint
@@ -648,7 +685,8 @@ class PolicySetList(object):
policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
else:
for policy_set in policy_sets:
- policy_set_list.policy_sets.append(PolicySet.from_json(policy_set))
+ policy_set_list.policy_sets.append(
+ PolicySet.from_json(policy_set))
class ProfileData(object):
@@ -656,9 +694,11 @@ class ProfileData(object):
This class represents an enrollment profile.
"""
- def __init__(self, profile_id=None, class_id=None, name=None, description=None,
enabled=None, visible=None,
- enabled_by=None, authenticator_id=None, authorization_acl=None,
renewal=None, xml_output=None,
- inputs=None, outputs=None, policy_sets=None, link=None):
+ def __init__(self, profile_id=None, class_id=None, name=None,
+ description=None, enabled=None, visible=None, enabled_by=None,
+ authenticator_id=None, authorization_acl=None, renewal=None,
+ xml_output=None, inputs=None, outputs=None, policy_sets=None,
+ link=None):
self.profile_id = profile_id
self.name = name
@@ -779,26 +819,43 @@ class ProfileData(object):
profile_data.inputs.append(ProfileInput.from_json(profile_inputs))
else:
for profile_input in profile_inputs:
- profile_data.policy_sets.append(ProfileInput.from_json(profile_input))
+ profile_data.inputs.append(
+ ProfileInput.from_json(profile_input))
profile_outputs = json_value['Output']
if not isinstance(profile_outputs, types.ListType):
- profile_data.outputs.append(ProfileOutput.from_json(profile_outputs))
+ profile_data.outputs.append(
+ ProfileOutput.from_json(profile_outputs))
else:
for profile_output in profile_outputs:
-
profile_data.policy_sets.append(ProfileOutput.from_json(profile_output))
+ profile_data.outputs.append(
+ ProfileOutput.from_json(profile_output))
policy_sets = json_value['PolicySets']
if not isinstance(policy_sets, types.ListType):
- profile_data.policy_sets.append(PolicySetList.from_json(policy_sets))
+ profile_data.policy_sets.append(
+ PolicySetList.from_json(policy_sets))
else:
for policy_set in policy_sets:
- profile_data.policy_sets.append(PolicySetList.from_json(policy_set))
+ profile_data.policy_sets.append(
+ PolicySetList.from_json(policy_set))
profile_data.link = pki.Link.from_json(json_value['link'])
return profile_data
+ def __repr__(self):
+ attributes = {
+ "ProfileData": {
+ 'profile_id': self.profile_id,
+ 'name': self.name,
+ 'description': self.description,
+ 'status': ('enabled' if self.enabled else
'disabled'),
+ 'visible': self.visible
+ }
+ }
+ return str(attributes)
+
class ProfileClient(object):
"""
@@ -856,7 +913,8 @@ class ProfileClient(object):
if profile_id is None:
raise ValueError("Profile ID must be specified.")
if action is None:
- raise ValueError("A valid action(enable/disable) must be
specified.")
+ raise ValueError("A valid action(enable/disable) must be "
+ "specified.")
url = self.profiles_url + '/' + str(profile_id)
params = {'action': action}
@@ -881,7 +939,8 @@ def main():
# Initialize a PKIConnection object for the CA
connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
- # The pem file used for authentication. Created from a p12 file using the command -
+ # The pem file used for authentication. Created from a p12 file using the
+ # command -
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
@@ -892,7 +951,7 @@ def main():
profile_data_infos = profile_client.list_profiles()
print('List of profiles:')
print('-----------------')
- for profile_data_info in profile_data_infos.profile_data_list:
+ for profile_data_info in profile_data_infos:
print(' Profile ID: ' + profile_data_info.profile_id)
print(' Profile Name: ' + profile_data_info.profile_name)
print(' Profile Description: ' +
profile_data_info.profile_description)
--
1.8.5.3
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
8:40 p.m.
On Thu, May 29, 2014 at 04:03:14PM -0400, Abhishek Koneru wrote:
Please review the patch which addresses the review comments given by
Ade
and Fraser for patches 92-2, 93, 94.
92-2 has been checked in already. 94 has been rebased to fix conflicts
with Ade's checkins. I removed the changes to account.py and client.py
form 94 to fix the conflicts.
So update the master and apply patches 93, 94, 95.
Ran into some more issues with patch 93:
1) there is an unused class ``ProfilePolicySet``. Is the purpose of
this class the same as ``PolicySet``? If so, they should be merged.
2) as currently implemented, ``PolicySet.from_json`` has no explicit
return, therefore returns None
3) ``PolicySet.from_json`` likewise lacks a return statement.
Cheers,
Fraser
Following are the review comments addressed in this patch -
** No. 4 in the list is not included in this patch. It will be done in a
separate patch.
1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
instead of ``inputs``/``outputs`` when processing
json_value['Input'] or json_value['Output'] lists.
2) Could you please make ProfileDataInfoCollection an iterable? It
doesn't make sense to be to have to access the ``profile_data_list``
attribute just to iterate the ProfileDataInfo objects.
3) Could you please add a ``repr`` method to ProfileData that
includes at least the profile_id? Maybe summary information about
whether it is visible/active as well, but I think just the ID should
be fine. Same goes for other classes that show up in lists, please.
4) I'm a little concerned about having the properties set/get
top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
Following this pattern where you wish to use the same name as in the
JSON would result in infinite loop; indeed you do treat some keys
different to avoid this, e.g. ``description``. This inconsistency
makes me wonder if there's a better pattern.
My suggestion would be to stash the JSON dict in a top-level
attribute (the constructor would have to initialise it to an empty
dict before other attributes are assigned) and then have the
properties set/get items in that dict.
You could further cut down boilerplate and duplication by definite a
descriptor for this purpose, e.g.:
class JSONProperty(object):
def __init__(self, attr):
self.attr
def __get__(self, instance, owner)
return obj.json_value[self.attr]
def __set__(self, instance, value)
obj.json_value[self.attr] = value
Then, most of the assignments in ``from_json`` go away , and
the corresponding property declarations follow the new pattern:
enabled_by = JSONProperty('enabledBy')
You would still need to treat Input, Output and PolicySets
differently, but you could also abstract over this pattern with yet
another class, i.e. a "JSON list property".
Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
*** Will fix this in a separate patch.
5. Here you could iterate the (key, value) pairs to save keystrokes and
a bit of CPU doing ``cert_search_params[param]`` in all those places
below. e.g.:
for param, value in cert_search_params.viewitems():
...
``dict.viewitems()`` returns a *dictview* iterator-like object that
avoids creating an intermediate list as ``dict.items()`` would.
6. Here and in a few other places below it might improve readability to
test for set membership, e.g.:
if param in {
'email', 'common_name', 'user'_id',
'org_unit',
'org', ...
}:
7. pycharm appears to be set to 120 columns width by default. We need
to set to 80 and reformat accordingly. Please check in a pycharm
settings file. All new code should follow PEP8.
8. In CertRevokeRequest, a number of constants are defined for possible
reason settings. You should group those, and test for invalid reasons.
9. Do we use CertID anywhere? --- Removed CertID
10. list_entrollment_templates has a print r statement in it. Is that
supposed to be there?
11. get_enrollment_template should check for None for the profileID.
12. CertRequestInfoCollection has an element - cert_info_list, should
be
cert_request_info_list
13. ProfileConstraint -- why is id renamed to name? Why not just use
"id"
-- pycharm and pylint throw a warning when using id as an attribute name
-- Abhishek
8:50 p.m.
On Mon, Jun 02, 2014 at 11:40:19AM +1000, Fraser Tweedale wrote:
On Thu, May 29, 2014 at 04:03:14PM -0400, Abhishek Koneru wrote:
> Please review the patch which addresses the review comments given by Ade
> and Fraser for patches 92-2, 93, 94.
>
> 92-2 has been checked in already. 94 has been rebased to fix conflicts
> with Ade's checkins. I removed the changes to account.py and client.py
> form 94 to fix the conflicts.
>
> So update the master and apply patches 93, 94, 95.
>
Ran into some more issues with patch 93:
1) there is an unused class ``ProfilePolicySet``. Is the purpose of
this class the same as ``PolicySet``? If so, they should be merged.
2) as currently implemented, ``PolicySet.from_json`` has no explicit
return, therefore returns None
3) ``PolicySet.from_json`` likewise lacks a return statement.
One more thing:
4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
decorated methods are wrong. You can use ``functools.wraps`` to
propagate docstrings through a decorator. See
http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
Cheers,
Fraser
> Following are the review comments addressed in this patch -
>
> ** No. 4 in the list is not included in this patch. It will be done in a
> separate patch.
>
> 1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
> instead of ``inputs``/``outputs`` when processing
> json_value['Input'] or json_value['Output'] lists.
>
> 2) Could you please make ProfileDataInfoCollection an iterable? It
> doesn't make sense to be to have to access the ``profile_data_list``
> attribute just to iterate the ProfileDataInfo objects.
>
> 3) Could you please add a ``repr`` method to ProfileData that
> includes at least the profile_id? Maybe summary information about
> whether it is visible/active as well, but I think just the ID should
> be fine. Same goes for other classes that show up in lists, please.
>
> 4) I'm a little concerned about having the properties set/get
> top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
> Following this pattern where you wish to use the same name as in the
> JSON would result in infinite loop; indeed you do treat some keys
> different to avoid this, e.g. ``description``. This inconsistency
> makes me wonder if there's a better pattern.
>
> My suggestion would be to stash the JSON dict in a top-level
> attribute (the constructor would have to initialise it to an empty
> dict before other attributes are assigned) and then have the
> properties set/get items in that dict.
>
> You could further cut down boilerplate and duplication by definite a
> descriptor for this purpose, e.g.:
>
> class JSONProperty(object):
> def __init__(self, attr):
> self.attr
>
> def __get__(self, instance, owner)
> return obj.json_value[self.attr]
>
> def __set__(self, instance, value)
> obj.json_value[self.attr] = value
>
> Then, most of the assignments in ``from_json`` go away , and
> the corresponding property declarations follow the new pattern:
>
> enabled_by = JSONProperty('enabledBy')
>
> You would still need to treat Input, Output and PolicySets
> differently, but you could also abstract over this pattern with yet
> another class, i.e. a "JSON list property".
>
> Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
>
> *** Will fix this in a separate patch.
>
> 5. Here you could iterate the (key, value) pairs to save keystrokes and
> a bit of CPU doing ``cert_search_params[param]`` in all those places
> below. e.g.:
>
> for param, value in cert_search_params.viewitems():
> ...
>
> ``dict.viewitems()`` returns a *dictview* iterator-like object that
> avoids creating an intermediate list as ``dict.items()`` would.
>
> 6. Here and in a few other places below it might improve readability to
> test for set membership, e.g.:
>
> if param in {
> 'email', 'common_name', 'user'_id',
'org_unit',
> 'org', ...
> }:
>
> 7. pycharm appears to be set to 120 columns width by default. We need
> to set to 80 and reformat accordingly. Please check in a pycharm
> settings file. All new code should follow PEP8.
>
> 8. In CertRevokeRequest, a number of constants are defined for possible
> reason settings. You should group those, and test for invalid reasons.
>
> 9. Do we use CertID anywhere? --- Removed CertID
>
> 10. list_entrollment_templates has a print r statement in it. Is that
> supposed to be there?
>
> 11. get_enrollment_template should check for None for the profileID.
>
> 12. CertRequestInfoCollection has an element - cert_info_list, should
> be
> cert_request_info_list
>
> 13. ProfileConstraint -- why is id renamed to name? Why not just use
> "id"
> -- pycharm and pylint throw a warning when using id as an attribute name
>
> -- Abhishek
>
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
6:08 a.m.
Comments inline.
On Mon, 2014-06-02 at 11:50 +1000, Fraser Tweedale wrote:
On Mon, Jun 02, 2014 at 11:40:19AM +1000, Fraser Tweedale wrote:
> On Thu, May 29, 2014 at 04:03:14PM -0400, Abhishek Koneru wrote:
> > Please review the patch which addresses the review comments given by Ade
> > and Fraser for patches 92-2, 93, 94.
> >
> > 92-2 has been checked in already. 94 has been rebased to fix conflicts
> > with Ade's checkins. I removed the changes to account.py and client.py
> > form 94 to fix the conflicts.
> >
> > So update the master and apply patches 93, 94, 95.
> >
>
> Ran into some more issues with patch 93:
>
> 1) there is an unused class ``ProfilePolicySet``. Is the purpose of
> this class the same as ``PolicySet``? If so, they should be merged.
The ProfilePolicySet class is being used in the CertReviewResponse
class. It is different from the PolicySet class.
The former is a list of ProfilePolicy objects while the latter is a
dictionary of {Policy_name, Collection of <Profile_Policy>}.
Both classes are replications of similar definitions on the Java side.
>
> 2) as currently implemented, ``PolicySet.from_json`` has no explicit
> return, therefore returns None
>
> 3) ``PolicySet.from_json`` likewise lacks a return statement.
>
Will be corrected.
One more thing:
4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
decorated methods are wrong. You can use ``functools.wraps`` to
propagate docstrings through a decorator. See
http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
Good catch and great suggestion. I will work on this.
--Abhishek
> Cheers,
>
> Fraser
>
> > Following are the review comments addressed in this patch -
> >
> > ** No. 4 in the list is not included in this patch. It will be done in a
> > separate patch.
> >
> > 1) Copy pasta error in ProfileData.from_json; ``policy_sets`` used
> > instead of ``inputs``/``outputs`` when processing
> > json_value['Input'] or json_value['Output'] lists.
> >
> > 2) Could you please make ProfileDataInfoCollection an iterable? It
> > doesn't make sense to be to have to access the ``profile_data_list``
> > attribute just to iterate the ProfileDataInfo objects.
> >
> > 3) Could you please add a ``repr`` method to ProfileData that
> > includes at least the profile_id? Maybe summary information about
> > whether it is visible/active as well, but I think just the ID should
> > be fine. Same goes for other classes that show up in lists, please.
> >
> > 4) I'm a little concerned about having the properties set/get
> > top-level attributes, e.g. ``enabled_by`` sets/gets ``enabledBy``.
> > Following this pattern where you wish to use the same name as in the
> > JSON would result in infinite loop; indeed you do treat some keys
> > different to avoid this, e.g. ``description``. This inconsistency
> > makes me wonder if there's a better pattern.
> >
> > My suggestion would be to stash the JSON dict in a top-level
> > attribute (the constructor would have to initialise it to an empty
> > dict before other attributes are assigned) and then have the
> > properties set/get items in that dict.
> >
> > You could further cut down boilerplate and duplication by definite a
> > descriptor for this purpose, e.g.:
> >
> > class JSONProperty(object):
> > def __init__(self, attr):
> > self.attr
> >
> > def __get__(self, instance, owner)
> > return obj.json_value[self.attr]
> >
> > def __set__(self, instance, value)
> > obj.json_value[self.attr] = value
> >
> > Then, most of the assignments in ``from_json`` go away , and
> > the corresponding property declarations follow the new pattern:
> >
> > enabled_by = JSONProperty('enabledBy')
> >
> > You would still need to treat Input, Output and PolicySets
> > differently, but you could also abstract over this pattern with yet
> > another class, i.e. a "JSON list property".
> >
> > Anyhow, 4) isn't a show-stopper, just a (lengthy) nit-pick.
> >
> > *** Will fix this in a separate patch.
> >
> > 5. Here you could iterate the (key, value) pairs to save keystrokes and
> > a bit of CPU doing ``cert_search_params[param]`` in all those places
> > below. e.g.:
> >
> > for param, value in cert_search_params.viewitems():
> > ...
> >
> > ``dict.viewitems()`` returns a *dictview* iterator-like object that
> > avoids creating an intermediate list as ``dict.items()`` would.
> >
> > 6. Here and in a few other places below it might improve readability to
> > test for set membership, e.g.:
> >
> > if param in {
> > 'email', 'common_name', 'user'_id',
'org_unit',
> > 'org', ...
> > }:
> >
> > 7. pycharm appears to be set to 120 columns width by default. We need
> > to set to 80 and reformat accordingly. Please check in a pycharm
> > settings file. All new code should follow PEP8.
> >
> > 8. In CertRevokeRequest, a number of constants are defined for possible
> > reason settings. You should group those, and test for invalid reasons.
> >
> > 9. Do we use CertID anywhere? --- Removed CertID
> >
> > 10. list_entrollment_templates has a print r statement in it. Is that
> > supposed to be there?
> >
> > 11. get_enrollment_template should check for None for the profileID.
> >
> > 12. CertRequestInfoCollection has an element - cert_info_list, should
> > be
> > cert_request_info_list
> >
> > 13. ProfileConstraint -- why is id renamed to name? Why not just use
> > "id"
> > -- pycharm and pylint throw a warning when using id as an attribute name
> >
> > -- Abhishek
> >
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
4:44 p.m.
New subject: [PATCH] 95 -2 Fixes for comments on patch 95
So i addressed all the new comments from Fraser and Ade.
Ade is OK with the current set of patches checked in (93, 94, 95-2).
I will be submitting new patches which add the remaining methods in
ProfileClient and provide a better solution for the property/setter
usage in classes like ProfileData, CertEnrollmentRequest and
CertReviewResponse.
Fraser - if the current code is OK with you please let me know. i can
check in the code right away.
As per my previous mail - these are addressed:
> > 1) there is an unused class ``ProfilePolicySet``. Is the
purpose of
> > this class the same as ``PolicySet``? If so, they should be merged.
The ProfilePolicySet class is being used in the CertReviewResponse
class. It is different from the PolicySet class.
The former is a list of ProfilePolicy objects while the latter is a
dictionary of {Policy_name, Collection of <Profile_Policy>}.
Both classes are replications of similar definitions on the Java side.
> >
> > 2) as currently implemented, ``PolicySet.from_json`` has no explicit
> > return, therefore returns None
> >
> > 3) ``PolicySet.from_json`` likewise lacks a return statement.
> >
Will be corrected.
>
> One more thing:
>
> 4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
> decorated methods are wrong. You can use ``functools.wraps`` to
> propagate docstrings through a decorator. See
> http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
>
Good catch and great suggestion. I will work on this.
Though the link you provided
is pretty old, i still do not see any
support for showing the arguments of the wrapped function instead of the
wrapper function's arguments - when calling help.
In any case, i used functools.wraps to atleast show the docstring.
Along with the following comments by Ade.
1. You need to not track workspace.xml - and most likely add it
to .gitignore. See
http://manski.net/2012/05/which-project-files-under-version-control/#inte...
That said, it appears that Barbican for example, does not in fact check
in their .idea files. You might want to ask them about that.
I removed the PyCharm project files. (Even barbican doesn't check them
in and they do not have any other way of checking the PEP8 standards
using the PyCharm files)
2. In CertRevoke, you do check to see if the reason provided is a valid
reason, but do this by defining the valid reasons twice - once as a
standalone field, and once in an anonymous list. Better to define all
the reasons in a named list, and check that list.
-- Included in the patch.
-- Abhishek
5:52 p.m.
New subject: [PATCH] 95 -2 Fixes for comments on patch 95
On Mon, Jun 02, 2014 at 05:44:17PM -0400, Abhishek Koneru wrote:
So i addressed all the new comments from Fraser and Ade.
Ade is OK with the current set of patches checked in (93, 94, 95-2).
I will be submitting new patches which add the remaining methods in
ProfileClient and provide a better solution for the property/setter
usage in classes like ProfileData, CertEnrollmentRequest and
CertReviewResponse.
Fraser - if the current code is OK with you please let me know. i can
check in the code right away.
As per my previous mail - these are addressed:
ACK x 3 from me.
> > > 1) there is an unused class ``ProfilePolicySet``. Is
the purpose of
> > > this class the same as ``PolicySet``? If so, they should be merged.
>
> The ProfilePolicySet class is being used in the CertReviewResponse
> class. It is different from the PolicySet class.
>
> The former is a list of ProfilePolicy objects while the latter is a
> dictionary of {Policy_name, Collection of <Profile_Policy>}.
>
> Both classes are replications of similar definitions on the Java side.
>
> > >
> > > 2) as currently implemented, ``PolicySet.from_json`` has no explicit
> > > return, therefore returns None
> > >
> > > 3) ``PolicySet.from_json`` likewise lacks a return statement.
> > >
>
> Will be corrected.
>
> >
> > One more thing:
> >
> > 4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
> > decorated methods are wrong. You can use ``functools.wraps`` to
> > propagate docstrings through a decorator. See
> >
http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
> >
>
> Good catch and great suggestion. I will work on this.
Though the link you provided is pretty old, i still do not see any
support for showing the arguments of the wrapped function instead of the
wrapper function's arguments - when calling help.
In any case, i used functools.wraps to atleast show the docstring.
Along with the following comments by Ade.
1. You need to not track workspace.xml - and most likely add it
to .gitignore. See
http://manski.net/2012/05/which-project-files-under-version-control/#inte...
That said, it appears that Barbican for example, does not in fact check
in their .idea files. You might want to ask them about that.
I removed the PyCharm project files. (Even barbican doesn't check them
in and they do not have any other way of checking the PEP8 standards
using the PyCharm files)
2. In CertRevoke, you do check to see if the reason provided is a valid
reason, but do this by defining the valid reasons twice - once as a
standalone field, and once in an anonymous list. Better to define all
the reasons in a named list, and check that list.
-- Included in the patch.
-- Abhishek
From d572c7a5b28af9cafc3b9eb3d64dc1e5ad748a13 Mon Sep 17 00:00:00
2001
From: Abhishek Koneru <akoneru(a)redhat.com>
Date: Fri, 23 May 2014 12:17:38 -0400
Subject: [PATCH] Addressed comments given for patches 92-2, 93, 94.
Addressed review comments for the patches that
implement the CertClient and a part of ProfileClient.
Also includes the pycharm project files in pki/.idea.
---
base/common/python/pki/__init__.py | 6 +-
base/common/python/pki/account.py | 3 +
base/common/python/pki/cert.py | 491 +++++++++++++++++++++++--------------
base/common/python/pki/profile.py | 145 +++++++----
4 files changed, 416 insertions(+), 229 deletions(-)
diff --git a/base/common/python/pki/__init__.py b/base/common/python/pki/__init__.py
index 713f10e0e7321fab2d10e5026a59e3ec2a4a5ff8..891d6ea6364b037f132ff3754b73b372c638b0f7
100644
--- a/base/common/python/pki/__init__.py
+++ b/base/common/python/pki/__init__.py
@@ -21,6 +21,7 @@
"""
This module contains top-level classes and functions used by the Dogtag project.
"""
+from functools import wraps
import os
import re
import requests
@@ -245,6 +246,7 @@ def handle_exceptions():
def exceptions_decorator(fn_call):
""" The actual decorator handler."""
+ @wraps(fn_call)
def handler(inst, *args, **kwargs):
""" Decorator to catch and re-throw
PKIExceptions."""
try:
@@ -392,8 +394,10 @@ class PropertyFile(object):
class Link:
"""
- Stores the information of the resteasy's Link object sent by the server for
a resource.
+ Stores the information of the resteasy's Link object sent by the server
+ for a resource.
"""
+
def __init__(self):
pass
diff --git a/base/common/python/pki/account.py b/base/common/python/pki/account.py
index 1ab5b2ddb47804771d6cc89cd11f7f1d9b043856..0916ec7cccf25357b75161d08fea32626fdf9486
100644
--- a/base/common/python/pki/account.py
+++ b/base/common/python/pki/account.py
@@ -18,6 +18,7 @@
# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
#
+import pki
class AccountClient:
@@ -25,8 +26,10 @@ class AccountClient:
def __init__(self, connection):
self.connection = connection
+ @pki.handle_exceptions()
def login(self):
self.connection.get('/rest/account/login')
+ @pki.handle_exceptions()
def logout(self):
self.connection.get('/rest/account/logout')
diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
index b22307ad1b2c2456257dc9416208e6725234bf9c..036bbf4e31d2f75118949395b539aa7fa0007eef
100644
--- a/base/common/python/pki/cert.py
+++ b/base/common/python/pki/cert.py
@@ -14,16 +14,6 @@ import pki.encoder as encoder
import pki.profile as profile
-class CertId(object):
- """
- Class encapsulating a certificate serial number
- """
-
- def __init__(self, cert_id):
- """ Constructor """
- self.value = cert_id
-
-
class CertData(object):
"""
Class containing certificate data as returned from getCert()
@@ -43,6 +33,16 @@ class CertData(object):
self.nonce = None
self.link = None
+ def __repr__(self):
+ attributes = {
+ "CertData": {
+ "serial_number": self.serial_number,
+ "subject_dn": self.subject_dn,
+ "status": self.status
+ }
+ }
+ return str(attributes)
+
@classmethod
def from_json(cls, attr_list):
""" Return CertData object from JSON dict """
@@ -72,7 +72,7 @@ class CertDataInfo(object):
def __init__(self):
""" Constructor """
- self.cert_id = None
+ self.serial_number = None
self.subject_dn = None
self.status = None
self.type = None
@@ -85,11 +85,21 @@ class CertDataInfo(object):
self.issued_by = None
self.link = None
+ def __repr__(self):
+ obj = {
+ "CertDataInfo": {
+ 'serial_number': self.serial_number,
+ 'subject_dn': self.subject_dn,
+ 'type': self.type,
+ 'status': self.status
+ }}
+ return str(obj)
+
@classmethod
def from_json(cls, attr_list):
""" Return CertDataInfo object from JSON dict """
cert_data_info = cls()
- cert_data_info.cert_id = attr_list['id']
+ cert_data_info.serial_number = attr_list['id']
cert_data_info.subject_dn = attr_list['SubjectDN']
cert_data_info.status = attr_list['Status']
cert_data_info.type = attr_list['Type']
@@ -107,25 +117,30 @@ class CertDataInfo(object):
class CertDataInfoCollection(object):
"""
- Class containing list of CertDataInfo objects and their respective link objects.
+ Class containing list of CertDataInfo objects and their respective link
+ objects.
This data is returned when searching/listing certificate records in the CA.
"""
def __init__(self):
""" Constructor """
- self.cert_info_list = []
+ self.cert_data_info_list = []
self.links = []
+ def __iter__(self):
+ return iter(self.cert_data_info_list)
+
@classmethod
def from_json(cls, json_value):
""" Populate object from JSON input """
ret = cls()
cert_infos = json_value['entries']
if not isinstance(cert_infos, types.ListType):
- ret.cert_info_list.append(CertDataInfo.from_json(cert_infos))
+ ret.cert_data_info_list.append(CertDataInfo.from_json(cert_infos))
else:
for cert_info in cert_infos:
- ret.cert_info_list.append(CertDataInfo.from_json(cert_info))
+ ret.cert_data_info_list.append(
+ CertDataInfo.from_json(cert_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -155,6 +170,17 @@ class CertRequestInfo(object):
self.cert_url = None
self.error_message = None
+ def __repr__(self):
+ obj = {
+ 'CertRequestInfo': {
+ 'request_id': self.request_id,
+ 'request_type': self.request_type,
+ 'request_status': self.request_status,
+ 'request_url': self.request_url
+ }
+ }
+ return str(obj)
+
@classmethod
def from_json(cls, attr_list):
cert_request_info = cls()
@@ -163,7 +189,8 @@ class CertRequestInfo(object):
cert_request_info.request_status = attr_list['requestStatus']
cert_request_info.operation_result = attr_list['operationResult']
cert_request_info.request_id = \
-
str(cert_request_info.request_url)[(str(cert_request_info.request_url).rfind("/")
+ 1):]
+ str(cert_request_info.request_url)[(str(
+ cert_request_info.request_url).rfind("/") + 1):]
#Optional parameters
if 'certId' in attr_list:
cert_request_info.cert_id = attr_list['certId']
@@ -184,19 +211,24 @@ class CertRequestInfoCollection(object):
"""
def __init__(self):
- self.cert_info_list = []
+ self.cert_request_info_list = []
self.links = []
+ def __iter__(self):
+ return iter(self.cert_request_info_list)
+
@classmethod
def from_json(cls, json_value):
""" Populate object from JSON input """
ret = cls()
cert_req_infos = json_value['entries']
if not isinstance(cert_req_infos, types.ListType):
- ret.cert_info_list.append(CertRequestInfo.from_json(cert_req_infos))
+ ret.cert_request_info_list.append(
+ CertRequestInfo.from_json(cert_req_infos))
else:
for cert_info in cert_req_infos:
- ret.cert_info_list.append(CertRequestInfo.from_json(cert_info))
+ ret.cert_request_info_list.append(
+ CertRequestInfo.from_json(cert_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -215,18 +247,28 @@ class CertSearchRequest(object):
"""
search_params = {'serial_to': 'serialTo', 'serial_from':
'serialFrom',
- 'email': 'eMail', 'common_name':
'commonName', 'user_id': 'userID',
- 'org_unit': 'orgUnit', 'org':
'org', 'locality': 'locality',
- 'state': 'state', 'country':
'country', 'match_exactly': 'matchExactly',
- 'status': 'status', 'revoked_by':
'revokedBy', 'revoked_on_from': 'revokedOnFrom',
- 'revoked_on_to': 'revokedOnTo',
'revocation_reason': 'revocationReason',
- 'issued_by': 'issuedBy', 'issued_on_from':
'issuedOnFrom', 'issued_on_to': 'issuedOnTo',
- 'valid_not_before_from': 'validNotBeforeFrom',
'valid_not_before_to': 'validNotBeforeTo',
- 'valid_not_after_from': 'validNotAfterFrom',
'valid_not_after_to': 'validNotAfterTo',
- 'validity_operation': 'validityOperation',
'validity_count': 'validityCount',
- 'validity_unit': 'validityUnit',
'cert_type_sub_email_ca': 'certTypeSubEmailCA',
- 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
'cert_type_secure_email': 'certTypeSecureEmail',
- 'cert_type_ssl_client': 'certTypeSSLClient',
'cert_type_ssl_server': 'certTypeSSLServer'}
+ 'email': 'eMail', 'common_name':
'commonName',
+ 'user_id': 'userID', 'org_unit':
'orgUnit', 'org': 'org',
+ 'locality': 'locality', 'state':
'state',
+ 'country': 'country', 'match_exactly':
'matchExactly',
+ 'status': 'status', 'revoked_by':
'revokedBy',
+ 'revoked_on_from': 'revokedOnFrom',
+ 'revoked_on_to': 'revokedOnTo',
+ 'revocation_reason': 'revocationReason',
+ 'issued_by': 'issuedBy', 'issued_on_from':
'issuedOnFrom',
+ 'issued_on_to': 'issuedOnTo',
+ 'valid_not_before_from': 'validNotBeforeFrom',
+ 'valid_not_before_to': 'validNotBeforeTo',
+ 'valid_not_after_from': 'validNotAfterFrom',
+ 'valid_not_after_to': 'validNotAfterTo',
+ 'validity_operation': 'validityOperation',
+ 'validity_count': 'validityCount',
+ 'validity_unit': 'validityUnit',
+ 'cert_type_sub_email_ca': 'certTypeSubEmailCA',
+ 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
+ 'cert_type_secure_email': 'certTypeSecureEmail',
+ 'cert_type_ssl_client': 'certTypeSSLClient',
+ 'cert_type_ssl_server': 'certTypeSSLServer'}
def __init__(self, **cert_search_params):
""" Constructor """
@@ -234,59 +276,64 @@ class CertSearchRequest(object):
if len(cert_search_params) == 0:
setattr(self, 'serialNumberRangeInUse', True)
- for param in cert_search_params:
+ for param, value in cert_search_params.viewitems():
if not param in CertSearchRequest.search_params:
raise ValueError('Invalid search parameter: ' + param)
- if param == 'serial_to' or param == 'serial_from':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'serial_to', 'serial_from'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'serialNumberRangeInUse', True)
- if param == 'email' or param == 'common_name' or param ==
'user_id' or param == 'org_unit' \
- or param == 'org' or param == 'locality' or param ==
'state' or param == 'country' \
- or param == 'match_exactly':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'email', 'common_name', 'user_id',
'org_unit', 'org',
+ 'locality', 'state', 'country',
'match_exactly'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'subjectInUse', True)
if param == 'status':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
if param == 'revoked_by':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revokedByInUse', True)
- if param == 'revoked_on_from' or param == 'revoked_on_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'revoked_on_from', 'revoked_on_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revokedOnInUse', True)
if param == 'revocation_reason':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'revocationReasonInUse', True)
if param == 'issued_by':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'issuedByInUse', True)
- if param == 'issued_on_from' or param == 'issued_on_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'issued_on_from', 'issued_on_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'issuedOnInUse', True)
- if param == 'valid_not_before_from' or param ==
'valid_not_before_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'valid_not_before_from',
'valid_not_before_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validNotBeforeInUse', True)
- if param == 'valid_not_after_from' or param ==
'valid_not_after_to':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {'valid_not_after_from', 'valid_not_after_to'}:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validNotAfterInUse', True)
- if param == 'validity_operation' or param ==
'validity_count' or param == 'validity_unit':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'validity_operation', 'validity_count',
'validity_unit'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'validityLengthInUse', True)
- if param == 'cert_type_sub_email_ca' or param ==
'cert_type_sub_ssl_ca' \
- or param == 'cert_type_secure_email' or param ==
'cert_type_ssl_client' \
- or param == 'cert_type_ssl_server':
- setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
+ if param in {
+ 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',
+ 'cert_type_secure_email', 'cert_type_ssl_client',
+ 'cert_type_ssl_server'
+ }:
+ setattr(self, CertSearchRequest.search_params[param], value)
setattr(self, 'certTypeInUse', True)
@@ -294,24 +341,28 @@ class CertRevokeRequest(object):
"""
An object of this class encapsulates all the
parameters required for revoking a certificate.
- """
- REASON_UNSPECIFIED = "Unspecified"
- REASON_KEY_COMPROMISE = "Key_Compromise"
- REASON_CA_COMPROMISE = "CA_Compromise"
- REASON_AFFILIATION_CHANGED = "Affiliation_Changed"
- REASON_SUPERSEDED = "Superseded"
- REASON_CESSATION_OF_OPERATION = "Cessation_of_Operation"
- REASON_CERTIFICATE_HOLD = "Certificate_Hold"
- REASON_REMOVE_FROM_CRL = "Remove_from_CRL"
- REASON_PRIVILEGE_WITHDRAWN = "Privilege_Withdrawn"
- REASON_AA_COMPROMISE = "AA_Compromise"
+ Valid values for reasons for revoking a request are:
+ 'Unspecified', 'Key_Compromise', 'CA_Compromise',
+ 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
+ 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
+ 'AA_Compromise'
+ """
+ reasons = ['Unspecified', 'Key_Compromise',
'CA_Compromise',
+ 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
+ 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
+ 'AA_Compromise']
def __init__(self, nonce, reason=None, invalidity_date=None, comments=None):
""" Constructor """
+
setattr(self, "Nonce", nonce)
+
if reason is None:
- reason = self.REASON_UNSPECIFIED
+ reason = 'Unspecified'
+ else:
+ if reason not in CertRevokeRequest.reasons:
+ raise ValueError('Invalid revocation reason specified.')
setattr(self, "Reason", reason)
if invalidity_date is not None:
setattr(self, "InvalidityDate", invalidity_date)
@@ -321,11 +372,13 @@ class CertRevokeRequest(object):
class CertEnrollmentRequest(object):
"""
- This class encapsulates the parameters required for a certificate enrollment
request.
+ This class encapsulates the parameters required for a certificate
+ enrollment request.
"""
- def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
- inputs=None, outputs=None):
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
+ remote_host=None, remote_address=None, inputs=None,
+ outputs=None):
""" Constructor """
self.profile_id = profile_id
self.renewal = renewal
@@ -443,14 +496,17 @@ class CertEnrollmentRequest(object):
enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
else:
for profile_input in inputs:
-
enroll_request.inputs.append(profile.ProfileInput.from_json(profile_input))
+ enroll_request.inputs.append(
+ profile.ProfileInput.from_json(profile_input))
outputs = json_value['Output']
if not isinstance(outputs, types.ListType):
- enroll_request.outputs.append(profile.ProfileOutput.from_json(outputs))
+ enroll_request.outputs.append(
+ profile.ProfileOutput.from_json(outputs))
else:
for profile_output in outputs:
-
enroll_request.outputs.append(profile.ProfileOutput.from_json(profile_output))
+ enroll_request.outputs.append(
+ profile.ProfileOutput.from_json(profile_output))
return enroll_request
@@ -462,14 +518,21 @@ class CertReviewResponse(CertEnrollmentRequest):
It contains a nonce required to perform action on the request.
"""
- def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
- inputs=None, outputs=None, nonce=None, request_id=None,
request_type=None, request_status=None,
- request_owner=None, request_creation_time=None,
request_modification_time=None, request_notes=None,
- profile_approval_by=None, profile_set_id=None, profile_is_visible=None,
profile_name=None,
- profile_description=None, profile_remote_host=None,
profile_remote_address=None, policy_sets=None):
+ def __init__(self, profile_id=None, renewal=False, serial_number=None,
+ remote_host=None, remote_address=None, inputs=None,
+ outputs=None, nonce=None, request_id=None, request_type=None,
+ request_status=None, request_owner=None,
+ request_creation_time=None, request_modification_time=None,
+ request_notes=None, profile_approval_by=None,
+ profile_set_id=None, profile_is_visible=None,
+ profile_name=None, profile_description=None,
+ profile_remote_host=None, profile_remote_address=None,
+ policy_sets=None):
- super(CertReviewResponse, self).__init__(profile_id, renewal, serial_number,
remote_host,
- remote_address, inputs, outputs)
+ super(CertReviewResponse, self).__init__(profile_id, renewal,
+ serial_number, remote_host,
+ remote_address, inputs,
+ outputs)
self.nonce = nonce
self.request_id = request_id
self.request_type = request_type
@@ -622,8 +685,10 @@ class CertReviewResponse(CertEnrollmentRequest):
review_response.request_type = json_value['requestType']
review_response.request_status = json_value['requestStatus']
review_response.request_owner = json_value['requestOwner']
- review_response.request_creation_time =
json_value['requestCreationTime']
- review_response.request_modification_time =
json_value['requestModificationTime']
+ review_response.request_creation_time = \
+ json_value['requestCreationTime']
+ review_response.request_modification_time = \
+ json_value['requestModificationTime']
review_response.request_notes = json_value['requestNotes']
review_response.profile_approved_by = json_value['profileApprovedBy']
review_response.profile_set_id = json_value['profileSetId']
@@ -635,18 +700,20 @@ class CertReviewResponse(CertEnrollmentRequest):
profile_policy_sets = json_value['ProfilePolicySet']
if not isinstance(profile_policy_sets, types.ListType):
-
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(profile_policy_sets))
+ review_response.policy_sets.append(
+ profile.ProfilePolicySet.from_json(profile_policy_sets))
else:
for policy_set in profile_policy_sets:
-
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(policy_set))
+ review_response.policy_sets.append(
+ profile.ProfilePolicySet.from_json(policy_set))
return review_response
class CertClient(object):
"""
- Class encapsulating and mirroring the functionality in the CertResource Java
interface class
- defining the REST API for Certificate resources.
+ Class encapsulating and mirroring the functionality in the CertResource
+ Java interface class defining the REST API for Certificate resources.
"""
def __init__(self, connection):
@@ -661,101 +728,122 @@ class CertClient(object):
self.enrollment_templates = {}
@pki.handle_exceptions()
- def get_cert(self, cert_id):
+ def get_cert(self, cert_serial_number):
""" Return a CertData object for a particular certificate.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.cert_url + '/' + str(cert_id)
+ url = self.cert_url + '/' + str(cert_serial_number)
r = self.connection.get(url, self.headers)
return CertData.from_json(r.json())
@pki.handle_exceptions()
- def list_certs(self, max_results=None, max_time=None, start=None, size=None,
**cert_search_params):
- """ Return a CertDataInfoCollection object with a information
about all the
- certificates that satisfy the search criteria.
+ def list_certs(self, max_results=None, max_time=None, start=None, size=None,
+ **cert_search_params):
+ """ Return a CertDataInfoCollection object with a information
about all
+ the certificates that satisfy the search criteria.
If cert_search_request=None, returns all the certificates.
"""
url = self.cert_url + '/search'
- query_params = {"maxResults": max_results, "maxTime":
max_time, "start": start, "size": size}
+ query_params = {"maxResults": max_results, "maxTime":
max_time,
+ "start": start, "size": size}
cert_search_request = CertSearchRequest(**cert_search_params)
- search_request = json.dumps(cert_search_request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
- response = self.connection.post(url, search_request, self.headers,
query_params)
+ search_request = json.dumps(cert_search_request,
+ cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
+ response = self.connection.post(url, search_request, self.headers,
+ query_params)
return CertDataInfoCollection.from_json(response.json())
@pki.handle_exceptions()
- def review_cert(self, cert_id):
+ def review_cert(self, cert_serial_number):
""" Reviews a certificate. Returns a CertData object with a
nonce.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.agent_cert_url + '/' + str(cert_id)
+ url = self.agent_cert_url + '/' + str(cert_serial_number)
r = self.connection.get(url, self.headers)
return CertData.from_json(r.json())
- def _submit_revoke_request(self, url, cert_id, revocation_reason=None,
invalidity_date=None, comments=None,
- nonce=None):
+ def _submit_revoke_request(self, url, cert_serial_number,
+ revocation_reason=None, invalidity_date=None,
+ comments=None, nonce=None):
"""
Submits a certificate revocation request.
Expects the URL for submitting the request.
Creates a CertRevokeRequest object using the arguments provided.
- If nonce is passed as an argument, reviews the cert to get a nonce from the
server
- and passes it in the request.
+ If nonce is passed as an argument, reviews the cert to get a nonce
+ from the server and passes it in the request.
Returns a CertRequestInfo object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
if url is None:
raise ValueError("URL not specified")
if nonce is None:
- cert_data = self.review_cert(cert_id)
+ cert_data = self.review_cert(cert_serial_number)
nonce = cert_data.nonce
- request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
comments)
- revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
+ request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
+ comments)
+ revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
r = self.connection.post(url, revoke_request, headers=self.headers)
return CertRequestInfo.from_json(r.json())
@pki.handle_exceptions()
- def revoke_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
+ def revoke_cert(self, cert_serial_number, revocation_reason=None,
+ invalidity_date=None, comments=None, nonce=None):
""" Revokes a certificate.
Returns a CertRequestInfo object with information about the request.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- url = self.agent_cert_url + '/' + str(cert_id) + '/revoke'
- return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke'
+ return self._submit_revoke_request(url, cert_serial_number,
+ revocation_reason, invalidity_date,
+ comments, nonce)
@pki.handle_exceptions()
- def revoke_ca_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
+ def revoke_ca_cert(self, cert_serial_number, revocation_reason=None,
+ invalidity_date=None, comments=None, nonce=None):
""" Revokes a CA certificate.
Returns a CertRequestInfo object with information about the request.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- url = self.agent_cert_url + '/' + str(cert_id) + '/revoke-ca'
- return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke-ca'
+ return self._submit_revoke_request(url, cert_serial_number,
+ revocation_reason, invalidity_date,
+ comments, nonce)
@pki.handle_exceptions()
- def hold_cert(self, cert_id, comments=None):
+ def hold_cert(self, cert_serial_number, comments=None):
""" Places a certificate on-hold.
- Calls the revoke_cert method with reason -
CertRevokeRequest.REASON_CERTIFICATE_HOLD.
+ Calls the revoke_cert method with reason -
+ CertRevokeRequest.REASON_CERTIFICATE_HOLD.
Returns a CertRequestInfo object.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- return self.revoke_cert(cert_id, CertRevokeRequest.REASON_CERTIFICATE_HOLD,
comments=comments)
+ return self.revoke_cert(cert_serial_number, 'Certificate_Hold',
+ comments=comments)
@pki.handle_exceptions()
- def unrevoke_cert(self, cert_id):
+ def unrevoke_cert(self, cert_serial_number):
""" Un-revokes a revoked certificate.
Returns a CertRequestInfo object.
- This method requires an agent's authentication cert in the connection
object.
+ This method requires an agent's authentication cert in the
+ connection object.
"""
- if cert_id is None:
+ if cert_serial_number is None:
raise ValueError("Certificate ID must be specified")
- url = self.agent_cert_url + '/' + str(cert_id) + '/unrevoke'
+ url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/unrevoke'
r = self.connection.post(url, None, headers=self.headers)
return CertRequestInfo.from_json(r.json())
@@ -774,8 +862,9 @@ class CertClient(object):
return CertRequestInfo.from_json(r.json())
@pki.handle_exceptions()
- def list_requests(self, request_status=None, request_type=None,
from_request_id=None, size=None,
- max_results=None, max_time=None):
+ def list_requests(self, request_status=None, request_type=None,
+ from_request_id=None, size=None, max_results=None,
+ max_time=None):
"""
Query for a list of certificates using the arguments passed.
Returns a CertRequestInfoCollection object.
@@ -789,7 +878,8 @@ class CertClient(object):
'maxResults': max_results,
'maxTime': max_time
}
- r = self.connection.get(self.agent_cert_requests_url, self.headers,
query_params)
+ r = self.connection.get(self.agent_cert_requests_url, self.headers,
+ query_params)
return CertRequestInfoCollection.from_json(r.json())
@pki.handle_exceptions()
@@ -819,15 +909,17 @@ class CertClient(object):
cert_review_response = self.review_request(request_id)
url = self.agent_cert_requests_url + '/' + request_id + '/' +
action
- review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder, sort_keys=True)
+ review_response = json.dumps(cert_review_response,
+ cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
r = self.connection.post(url, review_response, headers=self.headers)
return r
def approve_request(self, request_id, cert_review_response=None):
"""
Approves a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response,
'approve')
@@ -835,17 +927,17 @@ class CertClient(object):
def cancel_request(self, request_id, cert_review_response=None):
"""
Cancels a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'cancel')
- def reject_request(self, request_id, cert_review_response=None):
+ def reject_request(self, request_id, cert_review_response=None):
"""
Rejects a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'reject')
@@ -853,17 +945,18 @@ class CertClient(object):
def validate_request(self, request_id, cert_review_response):
"""
Validates a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
- return self._perform_action(request_id, cert_review_response,
'validate')
+ return self._perform_action(request_id, cert_review_response,
+ 'validate')
def update_request(self, request_id, cert_review_response):
"""
Updates a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'update')
@@ -871,8 +964,8 @@ class CertClient(object):
def assign_request(self, request_id, cert_review_response):
"""
Assigns a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
return self._perform_action(request_id, cert_review_response, 'assign')
@@ -880,17 +973,19 @@ class CertClient(object):
def unassign_request(self, request_id, cert_review_response):
"""
Un-assigns a certificate enrollment request.
- If cert_review_response is None, a review request operation is performed to
fetch the
- CertReviewResponse object.
+ If cert_review_response is None, a review request operation is performed
+ to fetch the CertReviewResponse object.
Requires as agent level authentication.
"""
- return self._perform_action(request_id, cert_review_response,
'unassign')
+ return self._perform_action(request_id, cert_review_response,
+ 'unassign')
@pki.handle_exceptions()
def list_enrollment_templates(self, start=None, size=None):
"""
Gets the list of profile templates supported by the CA.
- The values for start and size arguments determine the starting point and the
length of the list.
+ The values for start and size arguments determine the starting point and
+ the length of the list.
Returns a ProfileDataInfoCollection object.
"""
@@ -900,7 +995,6 @@ class CertClient(object):
'size': size
}
r = self.connection.get(url, self.headers, query_params)
- print r
return profile.ProfileDataInfoCollection.from_json(r.json())
@pki.handle_exceptions()
@@ -908,10 +1002,13 @@ class CertClient(object):
"""
Fetch the enrollment template for the given profile id.
For the first time, the request is sent to the server.
- The retrieved CertEnrollmentRequest object is then cached locally for future
requests.
+ The retrieved CertEnrollmentRequest object is then cached locally for
+ future requests.
Returns a CerEnrollmentRequest object.
"""
+ if profile_id is None:
+ raise ValueError("Profile ID must be specified.")
if profile_id in self.enrollment_templates:
return copy.deepcopy(self.enrollment_templates[profile_id])
url = self.cert_requests_url + '/profiles/' + str(profile_id)
@@ -927,8 +1024,10 @@ class CertClient(object):
def create_enrollment_request(self, profile_id, inputs):
"""
Fetches the enrollment request object for the given profile and
- sets values to its attributes using the values provided in the inputs
dictionary.
- Returns the CertEnrollmentRequest object, which can be submitted to enroll a
certificate.
+ sets values to its attributes using the values provided in the inputs
+ dictionary.
+ Returns the CertEnrollmentRequest object, which can be submitted to
+ enroll a certificate.
"""
if inputs is None or len(inputs) == 0:
raise ValueError("No inputs provided.")
@@ -945,42 +1044,48 @@ class CertClient(object):
def submit_enrollment_request(self, enrollment_request):
"""
Submits the CertEnrollmentRequest object to the server.
- Returns a CertRequestInfoCollection object with information about the
certificate requests
- enrolled at the CA.
+ Returns a CertRequestInfoCollection object with information about the
+ certificate requests enrolled at the CA.
"""
- request_object = json.dumps(enrollment_request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
- r = self.connection.post(self.cert_requests_url, request_object, self.headers)
+ request_object = json.dumps(enrollment_request,
+ cls=encoder.CustomTypeEncoder,
+ sort_keys=True)
+ r = self.connection.post(self.cert_requests_url, request_object,
+ self.headers)
return CertRequestInfoCollection.from_json(r.json())
@pki.handle_exceptions()
def enroll_cert(self, profile_id, inputs):
"""
A convenience method for enrolling a certificate for a given profile id.
- The inputs parameter should be a dictionary with values for the profile
attributes
- for an enrollment request.
+ The inputs parameter should be a dictionary with values for the profile
+ attributes for an enrollment request.
- Calling this method with valid arguments, creates an enrollment request, submits
it
- to the server, approves the certificate requests generated for the enrollment
and
- returns a list of CertData objects for all the certificates generated as part of
this
- enrollment.
+ Calling this method with valid arguments, creates an enrollment request,
+ submits it to the server, approves the certificate requests generated
+ for the enrollment and returns a list of CertData objects for all the
+ certificates generated as part of this enrollment.
- Note: This method supports only certificate enrollment where only one agent
approval
- is sufficient.
+ Note: This method supports only certificate enrollment where only one
+ agent approval is sufficient.
Requires an agent level authentication.
+ Returns a list of CertData objects.
"""
- # Create a CertEnrollmentRequest object using the inputs for the given profile
id.
+ # Create a CertEnrollmentRequest object using the inputs for the given
+ # profile id.
enroll_request = self.create_enrollment_request(profile_id, inputs)
# Submit the enrollment request
cert_request_infos = self.submit_enrollment_request(enroll_request)
# Approve the requests generated for the certificate enrollment.
- # Fetch the CertData objects for all the certificates created and return to the
caller.
+ # Fetch the CertData objects for all the certificates created and
+ # return to the caller.
certificates = []
- for cert_request_info in cert_request_infos.cert_info_list:
+ for cert_request_info in cert_request_infos.cert_request_info_list:
request_id = cert_request_info.request_id
self.approve_request(request_id)
cert_id = self.get_request(request_id).cert_id
@@ -1010,7 +1115,8 @@ def main():
# Create a PKIConnection object that stores the details of the CA.
connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
- # The pem file used for authentication. Created from a p12 file using the command -
+ # The pem file used for authentication. Created from a p12 file using the
+ # command -
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
@@ -1025,13 +1131,19 @@ def main():
inputs = dict()
inputs['cert_request_type'] = 'crmf'
- inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgNVBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQAD"
\
-
"gY0AMIGJAoGBAK/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9UuIhGfXOtxy5vRetmDHE"
\
-
"9u0AopmuJbr1rL17/tSnDakpkE9umQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0eCy2a"
\
-
"a4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJl"
\
-
"Z1Rva2VuMBoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkqhkiG9w0BAQUFAAOBgQCuywnr"
\
-
"Dk/wGwfbguw9oVs9gzFQwM4zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6ZmDd8WpPJ+"
\
-
"MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REhJw=="
+ inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgN" \
+ "VBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK"
\
+ "/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9U"
\
+ "uIhGfXOtxy5vRetmDHE9u0AopmuJbr1rL17/tSnDakpkE9u"
\
+ "mQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0"
\
+ "eCy2aa4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ"
\
+ "8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJlZ1Rva2VuM"
\
+ "BoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkq"
\
+ "hkiG9w0BAQUFAAOBgQCuywnrDk/wGwfbguw9oVs9gzFQwM4"
\
+ "zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6"
\
+ "ZmDd8WpPJ+MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm"
\
+ "7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REh"
\
+ "Jw=="
inputs['sn_uid'] = 'test12345'
inputs['sn_e'] = 'example(a)redhat.com'
inputs['sn_cn'] = 'TestUser'
@@ -1053,13 +1165,18 @@ def main():
inputs = dict()
inputs['cert_request_type'] = 'pkcs10'
- inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwE"
\
-
"wYDVQQKDAxSZWQgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY"
\
-
"0AMIGJAoGBAMJpWz92dSYCvWxllrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69jQMTLZMa8"
\
-
"FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJmcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8y"
\
-
"HwV0eBx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBvkxAGKwkfK3TKwLc5Mg0IWp8zG"
\
-
"RVwxdIlghAL8DugNocCNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5Uje2K/+6tW2ZTGrb"
\
-
"izs7CNOTMzA/9H8CkHb4H9P/qRT275zHIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
+ inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAg" \
+ "MAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwEwYDVQQKDAxSZW"
\
+ "QgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wD"
\
+ "QYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJpWz92dSYCvWxl"
\
+ "lrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69j"
\
+ "QMTLZMa8FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJ"
\
+ "mcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8yHwV0e"
\
+ "Bx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB"
\
+ "gQBvkxAGKwkfK3TKwLc5Mg0IWp8zGRVwxdIlghAL8DugNoc"
\
+ "CNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5"
\
+ "Uje2K/+6tW2ZTGrbizs7CNOTMzA/9H8CkHb4H9P/qRT275z"
\
+ "HIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
inputs['requestor_name'] = 'Tester'
inputs['requestor_email'] = 'example(a)redhat.com'
@@ -1080,8 +1197,8 @@ def main():
search_params = {'status': 'VALID'}
cert_data_list = cert_client.list_certs(**search_params)
- for cert_data_info in cert_data_list.cert_info_list:
- print("Serial Number: " + cert_data_info.cert_id)
+ for cert_data_info in cert_data_list:
+ print("Serial Number: " + cert_data_info.serial_number)
print("Subject DN: " + cert_data_info.subject_dn)
print("Status: " + cert_data_info.status)
print
@@ -1099,7 +1216,8 @@ def main():
# Certificate Serial Number used for CertClient methods.
# 7, 0x7 and '0x7' are also valid values
- # Following examples use the serial number of the user certificate enrolled before.
+ # Following examples use the serial number of the user certificate enrolled
+ # before.
cert_id = cert_data_infos[0].serial_number
#Get certificate data
@@ -1136,9 +1254,8 @@ def main():
print('Revoking a certificate')
print('----------------------')
- cert_request_info = cert_client.revoke_cert(cert_data.serial_number,
-
revocation_reason=CertRevokeRequest.REASON_CERTIFICATE_HOLD,
- comments="Test revoking a
cert", nonce=cert_data.nonce)
+ cert_request_info = cert_client.hold_cert(cert_data.serial_number,
+ comments="Test revoking a
cert")
print('Request ID: ' + cert_request_info.request_id)
print('Request Type: ' + cert_request_info.request_type)
print('Request Status: ' + cert_request_info.request_status)
diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
index 83cd8bcca0d9ad3841b0b6b74e2aa4a6724e5bbc..34aa32eca0554259f5aab9b17f33970de93d39fb
100644
--- a/base/common/python/pki/profile.py
+++ b/base/common/python/pki/profile.py
@@ -14,12 +14,24 @@ import pki.account as account
class ProfileDataInfo(object):
"""Stores information about a profile"""
+
def __init__(self):
self.profile_id = None
self.profile_name = None
self.profile_description = None
self.profile_url = None
+ def __repr__(self):
+ attributes = {
+ "ProfileDataInfo": {
+ 'profile_id': self.profile_id,
+ 'name': self.profile_name,
+ 'description': self.profile_description,
+ 'url': self.profile_url
+ }
+ }
+ return str(attributes)
+
@classmethod
def from_json(cls, attr_list):
profile_data_info = cls()
@@ -41,15 +53,20 @@ class ProfileDataInfoCollection(object):
self.profile_data_list = []
self.links = []
+ def __iter__(self):
+ return iter(self.profile_data_list)
+
@classmethod
def from_json(cls, json_value):
ret = cls()
profile_data_infos = json_value['entries']
if not isinstance(profile_data_infos, types.ListType):
- ret.profile_data_list.append(ProfileDataInfo.from_json(profile_data_infos))
+ ret.profile_data_list.append(
+ ProfileDataInfo.from_json(profile_data_infos))
else:
for profile_info in profile_data_infos:
- ret.profile_data_list.append(ProfileDataInfo.from_json(profile_info))
+ ret.profile_data_list.append(
+ ProfileDataInfo.from_json(profile_info))
links = json_value['Link']
if not isinstance(links, types.ListType):
@@ -64,10 +81,12 @@ class ProfileDataInfoCollection(object):
class Descriptor(object):
"""
This class represents the description of a ProfileAttribute.
- It stores information such as the syntax, constraint and default value of a profile
attribute.
+ It stores information such as the syntax, constraint and default value of
+ a profile attribute.
"""
- def __init__(self, syntax=None, constraint=None, description=None,
default_value=None):
+ def __init__(self, syntax=None, constraint=None, description=None,
+ default_value=None):
self.syntax = syntax
self.constraint = constraint
self.description = description
@@ -118,6 +137,7 @@ class ProfileAttribute(object):
"""
Represents a profile attribute of a ProfileInput.
"""
+
def __init__(self, name=None, value=None, descriptor=None):
self.name = name
self.value = value
@@ -158,8 +178,8 @@ class ProfileInput(object):
Ex. Subject name, Requestor Information etc.
"""
- def __init__(self, profile_input_id=None, class_id=None, name=None, text=None,
attributes=None,
- config_attributes=None):
+ def __init__(self, profile_input_id=None, class_id=None, name=None,
+ text=None, attributes=None, config_attributes=None):
self.profile_input_id = profile_input_id
self.class_id = class_id
@@ -261,17 +281,21 @@ class ProfileInput(object):
attributes = json_value['Attribute']
if not isinstance(attributes, types.ListType):
- profile_input.attributes.append(ProfileAttribute.from_json(attributes))
+ profile_input.attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for profile_info in attributes:
-
profile_input.attributes.append(ProfileAttribute.from_json(profile_info))
+ profile_input.attributes.append(
+ ProfileAttribute.from_json(profile_info))
config_attributes = json_value['ConfigAttribute']
if not isinstance(config_attributes, types.ListType):
-
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attributes))
+ profile_input.config_attributes.append(
+ ProfileAttribute.from_json(config_attributes))
else:
for config_attribute in config_attributes:
-
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attribute))
+ profile_input.config_attributes.append(
+ ProfileAttribute.from_json(config_attribute))
return profile_input
@@ -282,7 +306,8 @@ class ProfileOutput(object):
using a profile.
"""
- def __init__(self, profile_output_id=None, name=None, text=None, class_id=None,
attributes=None):
+ def __init__(self, profile_output_id=None, name=None, text=None,
+ class_id=None, attributes=None):
self.profile_output_id = profile_output_id
self.name = name
self.text = text
@@ -332,15 +357,16 @@ class ProfileOutput(object):
profile_output.class_id = json_value['classId']
attributes = json_value['attributes']
if not isinstance(attributes, types.ListType):
- profile_output.attributes.append(ProfileAttribute.from_json(attributes))
+ profile_output.attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for profile_info in attributes:
-
profile_output.attributes.append(ProfileAttribute.from_json(profile_info))
+ profile_output.attributes.append(
+ ProfileAttribute.from_json(profile_info))
return profile_output
class ProfileParameter(object):
-
def __init__(self, name=None, value=None):
self.name = name
self.value = value
@@ -355,10 +381,12 @@ class ProfileParameter(object):
class PolicyDefault(object):
"""
- An object of this class contains information of the default usage of a specific
ProfileInput.
+ An object of this class contains information of the default usage of a
+ specific ProfileInput.
"""
- def __init__(self, name=None, class_id=None, description=None,
policy_attributes=None, policy_params=None):
+ def __init__(self, name=None, class_id=None, description=None,
+ policy_attributes=None, policy_params=None):
self.name = name
self.class_id = class_id
self.description = description
@@ -415,24 +443,27 @@ class PolicyDefault(object):
if 'policyAttribute' in json_value:
attributes = json_value['policyAttribute']
if not isinstance(attributes, types.ListType):
-
policy_def.policy_attributes.append(ProfileAttribute.from_json(attributes))
+ policy_def.policy_attributes.append(
+ ProfileAttribute.from_json(attributes))
else:
for attr in attributes:
-
policy_def.policy_attributes.append(ProfileAttribute.from_json(attr))
+ policy_def.policy_attributes.append(
+ ProfileAttribute.from_json(attr))
if 'params' in json_value:
params = json_value['params']
if not isinstance(params, types.ListType):
- policy_def.policy_params.append(ProfileParameter.from_json(params))
+ policy_def.policy_params.append(
+ ProfileParameter.from_json(params))
else:
for param in params:
- policy_def.policy_params.append(ProfileParameter.from_json(param))
+ policy_def.policy_params.append(
+ ProfileParameter.from_json(param))
return policy_def
class PolicyConstraintValue(object):
-
def __init__(self, name=None, value=None, descriptor=None):
self.name = name
self.value = value
@@ -460,11 +491,12 @@ class PolicyConstraintValue(object):
class PolicyConstraint(object):
"""
- An object of this class contains the policy constraints applied to a ProfileInput
- used by a certificate enrollment request.
+ An object of this class contains the policy constraints applied to a
+ ProfileInput used by a certificate enrollment request.
"""
- def __init__(self, name=None, description=None, class_id=None,
policy_constraint_values=None):
+ def __init__(self, name=None, description=None, class_id=None,
+ policy_constraint_values=None):
self.name = name
self.description = description
self.class_id = class_id
@@ -509,10 +541,12 @@ class PolicyConstraint(object):
if 'constraint' in json_value:
constraints = json_value['constraint']
if not isinstance(constraints, types.ListType):
-
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraints))
+ policy_constraint.policy_constraint_values.append(
+ PolicyConstraintValue.from_json(constraints))
else:
for constraint in constraints:
-
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraint))
+ policy_constraint.policy_constraint_values.append(
+ PolicyConstraintValue.from_json(constraint))
return policy_constraint
@@ -520,11 +554,13 @@ class PolicyConstraint(object):
class ProfilePolicy(object):
"""
This class represents the policy a profile adheres to.
- An object of this class stores the default values for profile and the constraints
present on the
- values of the attributes of the profile submitted for an enrollment request.
+ An object of this class stores the default values for profile and the
+ constraints present on the values of the attributes of the profile submitted
+ for an enrollment request.
"""
- def __init__(self, policy_id=None, policy_default=None, policy_constraint=None):
+ def __init__(self, policy_id=None, policy_default=None,
+ policy_constraint=None):
self.policy_id = policy_id
self.policy_default = policy_default
self.policy_constraint = policy_constraint
@@ -563,6 +599,7 @@ class ProfilePolicySet(object):
"""
Stores a list of ProfilePolicy objects.
"""
+
def __init__(self):
self.policies = []
@@ -585,6 +622,7 @@ class PolicySet(object):
An object of this class contains a name value pair of the
policy name and the ProfilePolicy object.
"""
+
def __init__(self, name=None, policy_list=None):
self.name = name
if policy_list is None:
@@ -620,6 +658,8 @@ class PolicySet(object):
for policy in policies:
policy_set.policy_list.append(ProfilePolicy.from_json(policy))
+ return policy_set
+
class PolicySetList(object):
"""
@@ -648,7 +688,8 @@ class PolicySetList(object):
policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
else:
for policy_set in policy_sets:
- policy_set_list.policy_sets.append(PolicySet.from_json(policy_set))
+ policy_set_list.policy_sets.append(
+ PolicySet.from_json(policy_set))
class ProfileData(object):
@@ -656,9 +697,11 @@ class ProfileData(object):
This class represents an enrollment profile.
"""
- def __init__(self, profile_id=None, class_id=None, name=None, description=None,
enabled=None, visible=None,
- enabled_by=None, authenticator_id=None, authorization_acl=None,
renewal=None, xml_output=None,
- inputs=None, outputs=None, policy_sets=None, link=None):
+ def __init__(self, profile_id=None, class_id=None, name=None,
+ description=None, enabled=None, visible=None, enabled_by=None,
+ authenticator_id=None, authorization_acl=None, renewal=None,
+ xml_output=None, inputs=None, outputs=None, policy_sets=None,
+ link=None):
self.profile_id = profile_id
self.name = name
@@ -779,31 +822,49 @@ class ProfileData(object):
profile_data.inputs.append(ProfileInput.from_json(profile_inputs))
else:
for profile_input in profile_inputs:
- profile_data.policy_sets.append(ProfileInput.from_json(profile_input))
+ profile_data.inputs.append(
+ ProfileInput.from_json(profile_input))
profile_outputs = json_value['Output']
if not isinstance(profile_outputs, types.ListType):
- profile_data.outputs.append(ProfileOutput.from_json(profile_outputs))
+ profile_data.outputs.append(
+ ProfileOutput.from_json(profile_outputs))
else:
for profile_output in profile_outputs:
-
profile_data.policy_sets.append(ProfileOutput.from_json(profile_output))
+ profile_data.outputs.append(
+ ProfileOutput.from_json(profile_output))
policy_sets = json_value['PolicySets']
if not isinstance(policy_sets, types.ListType):
- profile_data.policy_sets.append(PolicySetList.from_json(policy_sets))
+ profile_data.policy_sets.append(
+ PolicySetList.from_json(policy_sets))
else:
for policy_set in policy_sets:
- profile_data.policy_sets.append(PolicySetList.from_json(policy_set))
+ profile_data.policy_sets.append(
+ PolicySetList.from_json(policy_set))
profile_data.link = pki.Link.from_json(json_value['link'])
return profile_data
+ def __repr__(self):
+ attributes = {
+ "ProfileData": {
+ 'profile_id': self.profile_id,
+ 'name': self.name,
+ 'description': self.description,
+ 'status': ('enabled' if self.enabled else
'disabled'),
+ 'visible': self.visible
+ }
+ }
+ return str(attributes)
+
class ProfileClient(object):
"""
This class consists of methods for accessing the ProfileResource.
"""
+
def __init__(self, connection):
self.connection = connection
self.headers = {'Content-type': 'application/json',
@@ -856,7 +917,8 @@ class ProfileClient(object):
if profile_id is None:
raise ValueError("Profile ID must be specified.")
if action is None:
- raise ValueError("A valid action(enable/disable) must be
specified.")
+ raise ValueError("A valid action(enable/disable) must be "
+ "specified.")
url = self.profiles_url + '/' + str(profile_id)
params = {'action': action}
@@ -881,7 +943,8 @@ def main():
# Initialize a PKIConnection object for the CA
connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
- # The pem file used for authentication. Created from a p12 file using the command -
+ # The pem file used for authentication. Created from a p12 file using the
+ # command -
# openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
connection.set_authentication_cert("/tmp/auth.pem")
@@ -892,7 +955,7 @@ def main():
profile_data_infos = profile_client.list_profiles()
print('List of profiles:')
print('-----------------')
- for profile_data_info in profile_data_infos.profile_data_list:
+ for profile_data_info in profile_data_infos:
print(' Profile ID: ' + profile_data_info.profile_id)
print(' Profile Name: ' + profile_data_info.profile_name)
print(' Profile Description: ' +
profile_data_info.profile_description)
--
1.8.5.3
9:01 a.m.
New subject: [PATCH] 95 -2 Fixes for comments on patch 95
Thanks Fraser - Pushed patches 93, 94, 95-2 to master.
-- Abhishek
On Tue, 2014-06-03 at 08:52 +1000, Fraser Tweedale wrote:
On Mon, Jun 02, 2014 at 05:44:17PM -0400, Abhishek Koneru wrote:
> So i addressed all the new comments from Fraser and Ade.
> Ade is OK with the current set of patches checked in (93, 94, 95-2).
> I will be submitting new patches which add the remaining methods in
> ProfileClient and provide a better solution for the property/setter
> usage in classes like ProfileData, CertEnrollmentRequest and
> CertReviewResponse.
>
> Fraser - if the current code is OK with you please let me know. i can
> check in the code right away.
>
> As per my previous mail - these are addressed:
>
ACK x 3 from me.
> > > > 1) there is an unused class ``ProfilePolicySet``. Is the purpose of
> > > > this class the same as ``PolicySet``? If so, they should be merged.
> >
> > The ProfilePolicySet class is being used in the CertReviewResponse
> > class. It is different from the PolicySet class.
> >
> > The former is a list of ProfilePolicy objects while the latter is a
> > dictionary of {Policy_name, Collection of <Profile_Policy>}.
> >
> > Both classes are replications of similar definitions on the Java side.
> >
> > > >
> > > > 2) as currently implemented, ``PolicySet.from_json`` has no explicit
> > > > return, therefore returns None
> > > >
> > > > 3) ``PolicySet.from_json`` likewise lacks a return statement.
> > > >
> >
> > Will be corrected.
> >
> > >
> > > One more thing:
> > >
> > > 4) due to use of ``pki.handle_exceptions`` decorator, docstrings on
> > > decorated methods are wrong. You can use ``functools.wraps`` to
> > > propagate docstrings through a decorator. See
> > >
http://stackoverflow.com/questions/1782843/python-decorator-problem-with-...
> > >
> >
> > Good catch and great suggestion. I will work on this.
> Though the link you provided is pretty old, i still do not see any
> support for showing the arguments of the wrapped function instead of the
> wrapper function's arguments - when calling help.
> In any case, i used functools.wraps to atleast show the docstring.
>
> Along with the following comments by Ade.
>
> 1. You need to not track workspace.xml - and most likely add it
> to .gitignore. See
>
http://manski.net/2012/05/which-project-files-under-version-control/#inte...
>
> That said, it appears that Barbican for example, does not in fact check
> in their .idea files. You might want to ask them about that.
>
> I removed the PyCharm project files. (Even barbican doesn't check them
> in and they do not have any other way of checking the PEP8 standards
> using the PyCharm files)
>
> 2. In CertRevoke, you do check to see if the reason provided is a valid
> reason, but do this by defining the valid reasons twice - once as a
> standalone field, and once in an anonymous list. Better to define all
> the reasons in a named list, and check that list.
>
> -- Included in the patch.
>
> -- Abhishek
> From d572c7a5b28af9cafc3b9eb3d64dc1e5ad748a13 Mon Sep 17 00:00:00 2001
> From: Abhishek Koneru <akoneru(a)redhat.com>
> Date: Fri, 23 May 2014 12:17:38 -0400
> Subject: [PATCH] Addressed comments given for patches 92-2, 93, 94.
>
> Addressed review comments for the patches that
> implement the CertClient and a part of ProfileClient.
>
> Also includes the pycharm project files in pki/.idea.
> ---
> base/common/python/pki/__init__.py | 6 +-
> base/common/python/pki/account.py | 3 +
> base/common/python/pki/cert.py | 491 +++++++++++++++++++++++--------------
> base/common/python/pki/profile.py | 145 +++++++----
> 4 files changed, 416 insertions(+), 229 deletions(-)
>
> diff --git a/base/common/python/pki/__init__.py
b/base/common/python/pki/__init__.py
> index
713f10e0e7321fab2d10e5026a59e3ec2a4a5ff8..891d6ea6364b037f132ff3754b73b372c638b0f7 100644
> --- a/base/common/python/pki/__init__.py
> +++ b/base/common/python/pki/__init__.py
> @@ -21,6 +21,7 @@
> """
> This module contains top-level classes and functions used by the Dogtag project.
> """
> +from functools import wraps
> import os
> import re
> import requests
> @@ -245,6 +246,7 @@ def handle_exceptions():
> def exceptions_decorator(fn_call):
> """ The actual decorator handler."""
>
> + @wraps(fn_call)
> def handler(inst, *args, **kwargs):
> """ Decorator to catch and re-throw
PKIExceptions."""
> try:
> @@ -392,8 +394,10 @@ class PropertyFile(object):
>
> class Link:
> """
> - Stores the information of the resteasy's Link object sent by the
server for a resource.
> + Stores the information of the resteasy's Link object sent by the
server
> + for a resource.
> """
> +
> def __init__(self):
> pass
>
> diff --git a/base/common/python/pki/account.py b/base/common/python/pki/account.py
> index
1ab5b2ddb47804771d6cc89cd11f7f1d9b043856..0916ec7cccf25357b75161d08fea32626fdf9486 100644
> --- a/base/common/python/pki/account.py
> +++ b/base/common/python/pki/account.py
> @@ -18,6 +18,7 @@
> # Copyright (C) 2013 Red Hat, Inc.
> # All rights reserved.
> #
> +import pki
>
>
> class AccountClient:
> @@ -25,8 +26,10 @@ class AccountClient:
> def __init__(self, connection):
> self.connection = connection
>
> + @pki.handle_exceptions()
> def login(self):
> self.connection.get('/rest/account/login')
>
> + @pki.handle_exceptions()
> def logout(self):
> self.connection.get('/rest/account/logout')
> diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
> index
b22307ad1b2c2456257dc9416208e6725234bf9c..036bbf4e31d2f75118949395b539aa7fa0007eef 100644
> --- a/base/common/python/pki/cert.py
> +++ b/base/common/python/pki/cert.py
> @@ -14,16 +14,6 @@ import pki.encoder as encoder
> import pki.profile as profile
>
>
> -class CertId(object):
> - """
> - Class encapsulating a certificate serial number
> - """
> -
> - def __init__(self, cert_id):
> - """ Constructor """
> - self.value = cert_id
> -
> -
> class CertData(object):
> """
> Class containing certificate data as returned from getCert()
> @@ -43,6 +33,16 @@ class CertData(object):
> self.nonce = None
> self.link = None
>
> + def __repr__(self):
> + attributes = {
> + "CertData": {
> + "serial_number": self.serial_number,
> + "subject_dn": self.subject_dn,
> + "status": self.status
> + }
> + }
> + return str(attributes)
> +
> @classmethod
> def from_json(cls, attr_list):
> """ Return CertData object from JSON dict
"""
> @@ -72,7 +72,7 @@ class CertDataInfo(object):
>
> def __init__(self):
> """ Constructor """
> - self.cert_id = None
> + self.serial_number = None
> self.subject_dn = None
> self.status = None
> self.type = None
> @@ -85,11 +85,21 @@ class CertDataInfo(object):
> self.issued_by = None
> self.link = None
>
> + def __repr__(self):
> + obj = {
> + "CertDataInfo": {
> + 'serial_number': self.serial_number,
> + 'subject_dn': self.subject_dn,
> + 'type': self.type,
> + 'status': self.status
> + }}
> + return str(obj)
> +
> @classmethod
> def from_json(cls, attr_list):
> """ Return CertDataInfo object from JSON dict
"""
> cert_data_info = cls()
> - cert_data_info.cert_id = attr_list['id']
> + cert_data_info.serial_number = attr_list['id']
> cert_data_info.subject_dn = attr_list['SubjectDN']
> cert_data_info.status = attr_list['Status']
> cert_data_info.type = attr_list['Type']
> @@ -107,25 +117,30 @@ class CertDataInfo(object):
>
> class CertDataInfoCollection(object):
> """
> - Class containing list of CertDataInfo objects and their respective link
objects.
> + Class containing list of CertDataInfo objects and their respective link
> + objects.
> This data is returned when searching/listing certificate records in the CA.
> """
>
> def __init__(self):
> """ Constructor """
> - self.cert_info_list = []
> + self.cert_data_info_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.cert_data_info_list)
> +
> @classmethod
> def from_json(cls, json_value):
> """ Populate object from JSON input """
> ret = cls()
> cert_infos = json_value['entries']
> if not isinstance(cert_infos, types.ListType):
> - ret.cert_info_list.append(CertDataInfo.from_json(cert_infos))
> + ret.cert_data_info_list.append(CertDataInfo.from_json(cert_infos))
> else:
> for cert_info in cert_infos:
> - ret.cert_info_list.append(CertDataInfo.from_json(cert_info))
> + ret.cert_data_info_list.append(
> + CertDataInfo.from_json(cert_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -155,6 +170,17 @@ class CertRequestInfo(object):
> self.cert_url = None
> self.error_message = None
>
> + def __repr__(self):
> + obj = {
> + 'CertRequestInfo': {
> + 'request_id': self.request_id,
> + 'request_type': self.request_type,
> + 'request_status': self.request_status,
> + 'request_url': self.request_url
> + }
> + }
> + return str(obj)
> +
> @classmethod
> def from_json(cls, attr_list):
> cert_request_info = cls()
> @@ -163,7 +189,8 @@ class CertRequestInfo(object):
> cert_request_info.request_status = attr_list['requestStatus']
> cert_request_info.operation_result = attr_list['operationResult']
> cert_request_info.request_id = \
> -
str(cert_request_info.request_url)[(str(cert_request_info.request_url).rfind("/")
+ 1):]
> + str(cert_request_info.request_url)[(str(
> + cert_request_info.request_url).rfind("/") + 1):]
> #Optional parameters
> if 'certId' in attr_list:
> cert_request_info.cert_id = attr_list['certId']
> @@ -184,19 +211,24 @@ class CertRequestInfoCollection(object):
> """
>
> def __init__(self):
> - self.cert_info_list = []
> + self.cert_request_info_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.cert_request_info_list)
> +
> @classmethod
> def from_json(cls, json_value):
> """ Populate object from JSON input """
> ret = cls()
> cert_req_infos = json_value['entries']
> if not isinstance(cert_req_infos, types.ListType):
> - ret.cert_info_list.append(CertRequestInfo.from_json(cert_req_infos))
> + ret.cert_request_info_list.append(
> + CertRequestInfo.from_json(cert_req_infos))
> else:
> for cert_info in cert_req_infos:
> - ret.cert_info_list.append(CertRequestInfo.from_json(cert_info))
> + ret.cert_request_info_list.append(
> + CertRequestInfo.from_json(cert_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -215,18 +247,28 @@ class CertSearchRequest(object):
> """
>
> search_params = {'serial_to': 'serialTo',
'serial_from': 'serialFrom',
> - 'email': 'eMail', 'common_name':
'commonName', 'user_id': 'userID',
> - 'org_unit': 'orgUnit', 'org':
'org', 'locality': 'locality',
> - 'state': 'state', 'country':
'country', 'match_exactly': 'matchExactly',
> - 'status': 'status', 'revoked_by':
'revokedBy', 'revoked_on_from': 'revokedOnFrom',
> - 'revoked_on_to': 'revokedOnTo',
'revocation_reason': 'revocationReason',
> - 'issued_by': 'issuedBy',
'issued_on_from': 'issuedOnFrom', 'issued_on_to':
'issuedOnTo',
> - 'valid_not_before_from': 'validNotBeforeFrom',
'valid_not_before_to': 'validNotBeforeTo',
> - 'valid_not_after_from': 'validNotAfterFrom',
'valid_not_after_to': 'validNotAfterTo',
> - 'validity_operation': 'validityOperation',
'validity_count': 'validityCount',
> - 'validity_unit': 'validityUnit',
'cert_type_sub_email_ca': 'certTypeSubEmailCA',
> - 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
'cert_type_secure_email': 'certTypeSecureEmail',
> - 'cert_type_ssl_client': 'certTypeSSLClient',
'cert_type_ssl_server': 'certTypeSSLServer'}
> + 'email': 'eMail', 'common_name':
'commonName',
> + 'user_id': 'userID', 'org_unit':
'orgUnit', 'org': 'org',
> + 'locality': 'locality', 'state':
'state',
> + 'country': 'country', 'match_exactly':
'matchExactly',
> + 'status': 'status', 'revoked_by':
'revokedBy',
> + 'revoked_on_from': 'revokedOnFrom',
> + 'revoked_on_to': 'revokedOnTo',
> + 'revocation_reason': 'revocationReason',
> + 'issued_by': 'issuedBy',
'issued_on_from': 'issuedOnFrom',
> + 'issued_on_to': 'issuedOnTo',
> + 'valid_not_before_from':
'validNotBeforeFrom',
> + 'valid_not_before_to': 'validNotBeforeTo',
> + 'valid_not_after_from': 'validNotAfterFrom',
> + 'valid_not_after_to': 'validNotAfterTo',
> + 'validity_operation': 'validityOperation',
> + 'validity_count': 'validityCount',
> + 'validity_unit': 'validityUnit',
> + 'cert_type_sub_email_ca':
'certTypeSubEmailCA',
> + 'cert_type_sub_ssl_ca': 'certTypeSubSSLCA',
> + 'cert_type_secure_email':
'certTypeSecureEmail',
> + 'cert_type_ssl_client': 'certTypeSSLClient',
> + 'cert_type_ssl_server': 'certTypeSSLServer'}
>
> def __init__(self, **cert_search_params):
> """ Constructor """
> @@ -234,59 +276,64 @@ class CertSearchRequest(object):
> if len(cert_search_params) == 0:
> setattr(self, 'serialNumberRangeInUse', True)
>
> - for param in cert_search_params:
> + for param, value in cert_search_params.viewitems():
> if not param in CertSearchRequest.search_params:
> raise ValueError('Invalid search parameter: ' + param)
>
> - if param == 'serial_to' or param == 'serial_from':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'serial_to', 'serial_from'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'serialNumberRangeInUse', True)
>
> - if param == 'email' or param == 'common_name' or param
== 'user_id' or param == 'org_unit' \
> - or param == 'org' or param == 'locality' or
param == 'state' or param == 'country' \
> - or param == 'match_exactly':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'email', 'common_name', 'user_id',
'org_unit', 'org',
> + 'locality', 'state', 'country',
'match_exactly'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'subjectInUse', True)
>
> if param == 'status':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
>
> if param == 'revoked_by':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revokedByInUse', True)
>
> - if param == 'revoked_on_from' or param ==
'revoked_on_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'revoked_on_from', 'revoked_on_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revokedOnInUse', True)
>
> if param == 'revocation_reason':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'revocationReasonInUse', True)
>
> if param == 'issued_by':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'issuedByInUse', True)
>
> - if param == 'issued_on_from' or param ==
'issued_on_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'issued_on_from', 'issued_on_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'issuedOnInUse', True)
>
> - if param == 'valid_not_before_from' or param ==
'valid_not_before_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'valid_not_before_from',
'valid_not_before_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validNotBeforeInUse', True)
>
> - if param == 'valid_not_after_from' or param ==
'valid_not_after_to':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {'valid_not_after_from',
'valid_not_after_to'}:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validNotAfterInUse', True)
>
> - if param == 'validity_operation' or param ==
'validity_count' or param == 'validity_unit':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'validity_operation', 'validity_count',
'validity_unit'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'validityLengthInUse', True)
>
> - if param == 'cert_type_sub_email_ca' or param ==
'cert_type_sub_ssl_ca' \
> - or param == 'cert_type_secure_email' or param ==
'cert_type_ssl_client' \
> - or param == 'cert_type_ssl_server':
> - setattr(self, CertSearchRequest.search_params[param],
cert_search_params[param])
> + if param in {
> + 'cert_type_sub_email_ca', 'cert_type_sub_ssl_ca',
> + 'cert_type_secure_email', 'cert_type_ssl_client',
> + 'cert_type_ssl_server'
> + }:
> + setattr(self, CertSearchRequest.search_params[param], value)
> setattr(self, 'certTypeInUse', True)
>
>
> @@ -294,24 +341,28 @@ class CertRevokeRequest(object):
> """
> An object of this class encapsulates all the
> parameters required for revoking a certificate.
> - """
>
> - REASON_UNSPECIFIED = "Unspecified"
> - REASON_KEY_COMPROMISE = "Key_Compromise"
> - REASON_CA_COMPROMISE = "CA_Compromise"
> - REASON_AFFILIATION_CHANGED = "Affiliation_Changed"
> - REASON_SUPERSEDED = "Superseded"
> - REASON_CESSATION_OF_OPERATION = "Cessation_of_Operation"
> - REASON_CERTIFICATE_HOLD = "Certificate_Hold"
> - REASON_REMOVE_FROM_CRL = "Remove_from_CRL"
> - REASON_PRIVILEGE_WITHDRAWN = "Privilege_Withdrawn"
> - REASON_AA_COMPROMISE = "AA_Compromise"
> + Valid values for reasons for revoking a request are:
> + 'Unspecified', 'Key_Compromise',
'CA_Compromise',
> + 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
> + 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
> + 'AA_Compromise'
> + """
> + reasons = ['Unspecified', 'Key_Compromise',
'CA_Compromise',
> + 'Affiliation_Changed', 'Superseded',
'Cessation_of_Operation',
> + 'Certificate_Hold', 'Remove_from_CRL',
'Privilege_Withdrawn',
> + 'AA_Compromise']
>
> def __init__(self, nonce, reason=None, invalidity_date=None, comments=None):
> """ Constructor """
> +
> setattr(self, "Nonce", nonce)
> +
> if reason is None:
> - reason = self.REASON_UNSPECIFIED
> + reason = 'Unspecified'
> + else:
> + if reason not in CertRevokeRequest.reasons:
> + raise ValueError('Invalid revocation reason specified.')
> setattr(self, "Reason", reason)
> if invalidity_date is not None:
> setattr(self, "InvalidityDate", invalidity_date)
> @@ -321,11 +372,13 @@ class CertRevokeRequest(object):
>
> class CertEnrollmentRequest(object):
> """
> - This class encapsulates the parameters required for a certificate enrollment
request.
> + This class encapsulates the parameters required for a certificate
> + enrollment request.
> """
>
> - def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
> - inputs=None, outputs=None):
> + def __init__(self, profile_id=None, renewal=False, serial_number=None,
> + remote_host=None, remote_address=None, inputs=None,
> + outputs=None):
> """ Constructor """
> self.profile_id = profile_id
> self.renewal = renewal
> @@ -443,14 +496,17 @@ class CertEnrollmentRequest(object):
> enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
> else:
> for profile_input in inputs:
> -
enroll_request.inputs.append(profile.ProfileInput.from_json(profile_input))
> + enroll_request.inputs.append(
> + profile.ProfileInput.from_json(profile_input))
>
> outputs = json_value['Output']
> if not isinstance(outputs, types.ListType):
> -
enroll_request.outputs.append(profile.ProfileOutput.from_json(outputs))
> + enroll_request.outputs.append(
> + profile.ProfileOutput.from_json(outputs))
> else:
> for profile_output in outputs:
> -
enroll_request.outputs.append(profile.ProfileOutput.from_json(profile_output))
> + enroll_request.outputs.append(
> + profile.ProfileOutput.from_json(profile_output))
>
> return enroll_request
>
> @@ -462,14 +518,21 @@ class CertReviewResponse(CertEnrollmentRequest):
> It contains a nonce required to perform action on the request.
> """
>
> - def __init__(self, profile_id=None, renewal=False, serial_number=None,
remote_host=None, remote_address=None,
> - inputs=None, outputs=None, nonce=None, request_id=None,
request_type=None, request_status=None,
> - request_owner=None, request_creation_time=None,
request_modification_time=None, request_notes=None,
> - profile_approval_by=None, profile_set_id=None,
profile_is_visible=None, profile_name=None,
> - profile_description=None, profile_remote_host=None,
profile_remote_address=None, policy_sets=None):
> + def __init__(self, profile_id=None, renewal=False, serial_number=None,
> + remote_host=None, remote_address=None, inputs=None,
> + outputs=None, nonce=None, request_id=None, request_type=None,
> + request_status=None, request_owner=None,
> + request_creation_time=None, request_modification_time=None,
> + request_notes=None, profile_approval_by=None,
> + profile_set_id=None, profile_is_visible=None,
> + profile_name=None, profile_description=None,
> + profile_remote_host=None, profile_remote_address=None,
> + policy_sets=None):
>
> - super(CertReviewResponse, self).__init__(profile_id, renewal,
serial_number, remote_host,
> - remote_address, inputs, outputs)
> + super(CertReviewResponse, self).__init__(profile_id, renewal,
> + serial_number, remote_host,
> + remote_address, inputs,
> + outputs)
> self.nonce = nonce
> self.request_id = request_id
> self.request_type = request_type
> @@ -622,8 +685,10 @@ class CertReviewResponse(CertEnrollmentRequest):
> review_response.request_type = json_value['requestType']
> review_response.request_status = json_value['requestStatus']
> review_response.request_owner = json_value['requestOwner']
> - review_response.request_creation_time =
json_value['requestCreationTime']
> - review_response.request_modification_time =
json_value['requestModificationTime']
> + review_response.request_creation_time = \
> + json_value['requestCreationTime']
> + review_response.request_modification_time = \
> + json_value['requestModificationTime']
> review_response.request_notes = json_value['requestNotes']
> review_response.profile_approved_by =
json_value['profileApprovedBy']
> review_response.profile_set_id = json_value['profileSetId']
> @@ -635,18 +700,20 @@ class CertReviewResponse(CertEnrollmentRequest):
>
> profile_policy_sets = json_value['ProfilePolicySet']
> if not isinstance(profile_policy_sets, types.ListType):
> -
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(profile_policy_sets))
> + review_response.policy_sets.append(
> + profile.ProfilePolicySet.from_json(profile_policy_sets))
> else:
> for policy_set in profile_policy_sets:
> -
review_response.policy_sets.append(profile.ProfilePolicySet.from_json(policy_set))
> + review_response.policy_sets.append(
> + profile.ProfilePolicySet.from_json(policy_set))
>
> return review_response
>
>
> class CertClient(object):
> """
> - Class encapsulating and mirroring the functionality in the CertResource Java
interface class
> - defining the REST API for Certificate resources.
> + Class encapsulating and mirroring the functionality in the CertResource
> + Java interface class defining the REST API for Certificate resources.
> """
>
> def __init__(self, connection):
> @@ -661,101 +728,122 @@ class CertClient(object):
> self.enrollment_templates = {}
>
> @pki.handle_exceptions()
> - def get_cert(self, cert_id):
> + def get_cert(self, cert_serial_number):
> """ Return a CertData object for a particular certificate.
"""
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.cert_url + '/' + str(cert_id)
> + url = self.cert_url + '/' + str(cert_serial_number)
> r = self.connection.get(url, self.headers)
> return CertData.from_json(r.json())
>
> @pki.handle_exceptions()
> - def list_certs(self, max_results=None, max_time=None, start=None, size=None,
**cert_search_params):
> - """ Return a CertDataInfoCollection object with a
information about all the
> - certificates that satisfy the search criteria.
> + def list_certs(self, max_results=None, max_time=None, start=None, size=None,
> + **cert_search_params):
> + """ Return a CertDataInfoCollection object with a
information about all
> + the certificates that satisfy the search criteria.
> If cert_search_request=None, returns all the certificates.
> """
> url = self.cert_url + '/search'
> - query_params = {"maxResults": max_results, "maxTime":
max_time, "start": start, "size": size}
> + query_params = {"maxResults": max_results, "maxTime":
max_time,
> + "start": start, "size": size}
> cert_search_request = CertSearchRequest(**cert_search_params)
> - search_request = json.dumps(cert_search_request,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> - response = self.connection.post(url, search_request, self.headers,
query_params)
> + search_request = json.dumps(cert_search_request,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> + response = self.connection.post(url, search_request, self.headers,
> + query_params)
> return CertDataInfoCollection.from_json(response.json())
>
> @pki.handle_exceptions()
> - def review_cert(self, cert_id):
> + def review_cert(self, cert_serial_number):
> """ Reviews a certificate. Returns a CertData object with a
nonce.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.agent_cert_url + '/' + str(cert_id)
> + url = self.agent_cert_url + '/' + str(cert_serial_number)
> r = self.connection.get(url, self.headers)
> return CertData.from_json(r.json())
>
> - def _submit_revoke_request(self, url, cert_id, revocation_reason=None,
invalidity_date=None, comments=None,
> - nonce=None):
> + def _submit_revoke_request(self, url, cert_serial_number,
> + revocation_reason=None, invalidity_date=None,
> + comments=None, nonce=None):
> """
> Submits a certificate revocation request.
> Expects the URL for submitting the request.
> Creates a CertRevokeRequest object using the arguments provided.
> - If nonce is passed as an argument, reviews the cert to get a nonce from the
server
> - and passes it in the request.
> + If nonce is passed as an argument, reviews the cert to get a nonce
> + from the server and passes it in the request.
> Returns a CertRequestInfo object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> if url is None:
> raise ValueError("URL not specified")
>
> if nonce is None:
> - cert_data = self.review_cert(cert_id)
> + cert_data = self.review_cert(cert_serial_number)
> nonce = cert_data.nonce
> - request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
comments)
> - revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
sort_keys=True)
> + request = CertRevokeRequest(nonce, revocation_reason, invalidity_date,
> + comments)
> + revoke_request = json.dumps(request, cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> r = self.connection.post(url, revoke_request, headers=self.headers)
> return CertRequestInfo.from_json(r.json())
>
> @pki.handle_exceptions()
> - def revoke_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
> + def revoke_cert(self, cert_serial_number, revocation_reason=None,
> + invalidity_date=None, comments=None, nonce=None):
> """ Revokes a certificate.
> Returns a CertRequestInfo object with information about the request.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - url = self.agent_cert_url + '/' + str(cert_id) + '/revoke'
> - return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke'
> + return self._submit_revoke_request(url, cert_serial_number,
> + revocation_reason, invalidity_date,
> + comments, nonce)
>
> @pki.handle_exceptions()
> - def revoke_ca_cert(self, cert_id, revocation_reason=None, invalidity_date=None,
comments=None, nonce=None):
> + def revoke_ca_cert(self, cert_serial_number, revocation_reason=None,
> + invalidity_date=None, comments=None, nonce=None):
> """ Revokes a CA certificate.
> Returns a CertRequestInfo object with information about the request.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - url = self.agent_cert_url + '/' + str(cert_id) +
'/revoke-ca'
> - return self._submit_revoke_request(url, cert_id, revocation_reason,
invalidity_date, comments, nonce)
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/revoke-ca'
> + return self._submit_revoke_request(url, cert_serial_number,
> + revocation_reason, invalidity_date,
> + comments, nonce)
>
> @pki.handle_exceptions()
> - def hold_cert(self, cert_id, comments=None):
> + def hold_cert(self, cert_serial_number, comments=None):
> """ Places a certificate on-hold.
> - Calls the revoke_cert method with reason -
CertRevokeRequest.REASON_CERTIFICATE_HOLD.
> + Calls the revoke_cert method with reason -
> + CertRevokeRequest.REASON_CERTIFICATE_HOLD.
> Returns a CertRequestInfo object.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - return self.revoke_cert(cert_id, CertRevokeRequest.REASON_CERTIFICATE_HOLD,
comments=comments)
> + return self.revoke_cert(cert_serial_number, 'Certificate_Hold',
> + comments=comments)
>
> @pki.handle_exceptions()
> - def unrevoke_cert(self, cert_id):
> + def unrevoke_cert(self, cert_serial_number):
> """ Un-revokes a revoked certificate.
> Returns a CertRequestInfo object.
> - This method requires an agent's authentication cert in the
connection object.
> + This method requires an agent's authentication cert in the
> + connection object.
> """
> - if cert_id is None:
> + if cert_serial_number is None:
> raise ValueError("Certificate ID must be specified")
>
> - url = self.agent_cert_url + '/' + str(cert_id) +
'/unrevoke'
> + url = self.agent_cert_url + '/' + str(cert_serial_number) +
'/unrevoke'
> r = self.connection.post(url, None, headers=self.headers)
> return CertRequestInfo.from_json(r.json())
>
> @@ -774,8 +862,9 @@ class CertClient(object):
> return CertRequestInfo.from_json(r.json())
>
> @pki.handle_exceptions()
> - def list_requests(self, request_status=None, request_type=None,
from_request_id=None, size=None,
> - max_results=None, max_time=None):
> + def list_requests(self, request_status=None, request_type=None,
> + from_request_id=None, size=None, max_results=None,
> + max_time=None):
> """
> Query for a list of certificates using the arguments passed.
> Returns a CertRequestInfoCollection object.
> @@ -789,7 +878,8 @@ class CertClient(object):
> 'maxResults': max_results,
> 'maxTime': max_time
> }
> - r = self.connection.get(self.agent_cert_requests_url, self.headers,
query_params)
> + r = self.connection.get(self.agent_cert_requests_url, self.headers,
> + query_params)
> return CertRequestInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> @@ -819,15 +909,17 @@ class CertClient(object):
> cert_review_response = self.review_request(request_id)
>
> url = self.agent_cert_requests_url + '/' + request_id + '/'
+ action
> - review_response = json.dumps(cert_review_response,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> + review_response = json.dumps(cert_review_response,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> r = self.connection.post(url, review_response, headers=self.headers)
> return r
>
> def approve_request(self, request_id, cert_review_response=None):
> """
> Approves a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'approve')
> @@ -835,17 +927,17 @@ class CertClient(object):
> def cancel_request(self, request_id, cert_review_response=None):
> """
> Cancels a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'cancel')
>
> - def reject_request(self, request_id, cert_review_response=None):
> + def reject_request(self, request_id, cert_review_response=None):
> """
> Rejects a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'reject')
> @@ -853,17 +945,18 @@ class CertClient(object):
> def validate_request(self, request_id, cert_review_response):
> """
> Validates a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> - return self._perform_action(request_id, cert_review_response,
'validate')
> + return self._perform_action(request_id, cert_review_response,
> + 'validate')
>
> def update_request(self, request_id, cert_review_response):
> """
> Updates a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'update')
> @@ -871,8 +964,8 @@ class CertClient(object):
> def assign_request(self, request_id, cert_review_response):
> """
> Assigns a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> return self._perform_action(request_id, cert_review_response,
'assign')
> @@ -880,17 +973,19 @@ class CertClient(object):
> def unassign_request(self, request_id, cert_review_response):
> """
> Un-assigns a certificate enrollment request.
> - If cert_review_response is None, a review request operation is performed to
fetch the
> - CertReviewResponse object.
> + If cert_review_response is None, a review request operation is performed
> + to fetch the CertReviewResponse object.
> Requires as agent level authentication.
> """
> - return self._perform_action(request_id, cert_review_response,
'unassign')
> + return self._perform_action(request_id, cert_review_response,
> + 'unassign')
>
> @pki.handle_exceptions()
> def list_enrollment_templates(self, start=None, size=None):
> """
> Gets the list of profile templates supported by the CA.
> - The values for start and size arguments determine the starting point and
the length of the list.
> + The values for start and size arguments determine the starting point and
> + the length of the list.
> Returns a ProfileDataInfoCollection object.
> """
>
> @@ -900,7 +995,6 @@ class CertClient(object):
> 'size': size
> }
> r = self.connection.get(url, self.headers, query_params)
> - print r
> return profile.ProfileDataInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> @@ -908,10 +1002,13 @@ class CertClient(object):
> """
> Fetch the enrollment template for the given profile id.
> For the first time, the request is sent to the server.
> - The retrieved CertEnrollmentRequest object is then cached locally for
future requests.
> + The retrieved CertEnrollmentRequest object is then cached locally for
> + future requests.
> Returns a CerEnrollmentRequest object.
> """
>
> + if profile_id is None:
> + raise ValueError("Profile ID must be specified.")
> if profile_id in self.enrollment_templates:
> return copy.deepcopy(self.enrollment_templates[profile_id])
> url = self.cert_requests_url + '/profiles/' + str(profile_id)
> @@ -927,8 +1024,10 @@ class CertClient(object):
> def create_enrollment_request(self, profile_id, inputs):
> """
> Fetches the enrollment request object for the given profile and
> - sets values to its attributes using the values provided in the inputs
dictionary.
> - Returns the CertEnrollmentRequest object, which can be submitted to enroll
a certificate.
> + sets values to its attributes using the values provided in the inputs
> + dictionary.
> + Returns the CertEnrollmentRequest object, which can be submitted to
> + enroll a certificate.
> """
> if inputs is None or len(inputs) == 0:
> raise ValueError("No inputs provided.")
> @@ -945,42 +1044,48 @@ class CertClient(object):
> def submit_enrollment_request(self, enrollment_request):
> """
> Submits the CertEnrollmentRequest object to the server.
> - Returns a CertRequestInfoCollection object with information about the
certificate requests
> - enrolled at the CA.
> + Returns a CertRequestInfoCollection object with information about the
> + certificate requests enrolled at the CA.
> """
> - request_object = json.dumps(enrollment_request,
cls=encoder.CustomTypeEncoder, sort_keys=True)
> - r = self.connection.post(self.cert_requests_url, request_object,
self.headers)
> + request_object = json.dumps(enrollment_request,
> + cls=encoder.CustomTypeEncoder,
> + sort_keys=True)
> + r = self.connection.post(self.cert_requests_url, request_object,
> + self.headers)
> return CertRequestInfoCollection.from_json(r.json())
>
> @pki.handle_exceptions()
> def enroll_cert(self, profile_id, inputs):
> """
> A convenience method for enrolling a certificate for a given profile id.
> - The inputs parameter should be a dictionary with values for the profile
attributes
> - for an enrollment request.
> + The inputs parameter should be a dictionary with values for the profile
> + attributes for an enrollment request.
>
> - Calling this method with valid arguments, creates an enrollment request,
submits it
> - to the server, approves the certificate requests generated for the
enrollment and
> - returns a list of CertData objects for all the certificates generated as
part of this
> - enrollment.
> + Calling this method with valid arguments, creates an enrollment request,
> + submits it to the server, approves the certificate requests generated
> + for the enrollment and returns a list of CertData objects for all the
> + certificates generated as part of this enrollment.
>
> - Note: This method supports only certificate enrollment where only one agent
approval
> - is sufficient.
> + Note: This method supports only certificate enrollment where only one
> + agent approval is sufficient.
>
> Requires an agent level authentication.
> + Returns a list of CertData objects.
> """
>
> - # Create a CertEnrollmentRequest object using the inputs for the given
profile id.
> + # Create a CertEnrollmentRequest object using the inputs for the given
> + # profile id.
> enroll_request = self.create_enrollment_request(profile_id, inputs)
>
> # Submit the enrollment request
> cert_request_infos = self.submit_enrollment_request(enroll_request)
>
> # Approve the requests generated for the certificate enrollment.
> - # Fetch the CertData objects for all the certificates created and return to
the caller.
> + # Fetch the CertData objects for all the certificates created and
> + # return to the caller.
>
> certificates = []
> - for cert_request_info in cert_request_infos.cert_info_list:
> + for cert_request_info in cert_request_infos.cert_request_info_list:
> request_id = cert_request_info.request_id
> self.approve_request(request_id)
> cert_id = self.get_request(request_id).cert_id
> @@ -1010,7 +1115,8 @@ def main():
> # Create a PKIConnection object that stores the details of the CA.
> connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
>
> - # The pem file used for authentication. Created from a p12 file using the
command -
> + # The pem file used for authentication. Created from a p12 file using the
> + # command -
> # openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
> connection.set_authentication_cert("/tmp/auth.pem")
>
> @@ -1025,13 +1131,19 @@ def main():
>
> inputs = dict()
> inputs['cert_request_type'] = 'crmf'
> - inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgNVBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQAD"
\
> -
"gY0AMIGJAoGBAK/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9UuIhGfXOtxy5vRetmDHE"
\
> -
"9u0AopmuJbr1rL17/tSnDakpkE9umQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0eCy2a"
\
> -
"a4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJl"
\
> -
"Z1Rva2VuMBoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkqhkiG9w0BAQUFAAOBgQCuywnr"
\
> -
"Dk/wGwfbguw9oVs9gzFQwM4zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6ZmDd8WpPJ+"
\
> -
"MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REhJw=="
> + inputs['cert_request'] =
"MIIBpDCCAaAwggEGAgUA5n9VYTCBx4ABAqUOMAwxCjAIBgN" \
> +
"VBAMTAXimgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK" \
> +
"/SmUVoUjBtqHNw/e3OoCSXw42pdQSR53/eYJWpf7nyTbZ9U" \
> +
"uIhGfXOtxy5vRetmDHE9u0AopmuJbr1rL17/tSnDakpkE9u" \
> +
"mQ2lMOReLloSdX32w2xOeulUwh5BGbFpq10S0SvW1H93Vn0" \
> +
"eCy2aa4UtILNEsp7JJ3FnYJibfuMPAgMBAAGpEDAOBgNVHQ" \
> +
"8BAf8EBAMCBeAwMzAVBgkrBgEFBQcFAQEMCHJlZ1Rva2VuM" \
> +
"BoGCSsGAQUFBwUBAgwNYXV0aGVudGljYXRvcqGBkzANBgkq" \
> +
"hkiG9w0BAQUFAAOBgQCuywnrDk/wGwfbguw9oVs9gzFQwM4" \
> +
"zeFbk+z82G5CWoG/4mVOT5LPL5Q8iF+KfnaU9Qcu6zZPxW6" \
> +
"ZmDd8WpPJ+MTPyQl3Q5BfiKa4l5ra1NeqxMOlMiiupwINmm" \
> +
"7jd1KaA2eIjuyC8/gTaO4b14R6aRaOj+Scp9cNYbthA7REh" \
> + "Jw=="
> inputs['sn_uid'] = 'test12345'
> inputs['sn_e'] = 'example(a)redhat.com'
> inputs['sn_cn'] = 'TestUser'
> @@ -1053,13 +1165,18 @@ def main():
>
> inputs = dict()
> inputs['cert_request_type'] = 'pkcs10'
> - inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwE"
\
> -
"wYDVQQKDAxSZWQgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY"
\
> -
"0AMIGJAoGBAMJpWz92dSYCvWxllrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69jQMTLZMa8"
\
> -
"FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJmcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8y"
\
> -
"HwV0eBx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQBvkxAGKwkfK3TKwLc5Mg0IWp8zG"
\
> -
"RVwxdIlghAL8DugNocCNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5Uje2K/+6tW2ZTGrb"
\
> -
"izs7CNOTMzA/9H8CkHb4H9P/qRT275zHIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
> + inputs['cert_request'] =
"MIIBmDCCAQECAQAwWDELMAkGA1UEBhMCVVMxCzAJBgNVBAg" \
> +
"MAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRUwEwYDVQQKDAxSZW" \
> +
"QgSGF0IEluYy4xEzARBgNVBAMMClRlc3RTZXJ2ZXIwgZ8wD" \
> +
"QYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJpWz92dSYCvWxl" \
> +
"lrQCY5atPKCswUwyppRNGPnKmJ77AdHBBI4dFyET+h/+69j" \
> +
"QMTLZMa8FX7SbyHvgbgLBP4Q/RzCSE2S87qFNjriOqiQCqJ" \
> +
"mcrzDzdncJQiP+O7T6MSpLo3smLP7dK1Vd7vK0Vy8yHwV0e" \
> +
"Bx7DgYedv2slBPHAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB" \
> +
"gQBvkxAGKwkfK3TKwLc5Mg0IWp8zGRVwxdIlghAL8DugNoc" \
> +
"CNNgmZazglJOOehLuk0/NkLX1ZM5RrVgM09W6kcfWZtIwr5" \
> +
"Uje2K/+6tW2ZTGrbizs7CNOTMzA/9H8CkHb4H9P/qRT275z" \
> + "HIocYj4smUnXLwWGsBMeGs+OMMbGvSrHg=="
>
> inputs['requestor_name'] = 'Tester'
> inputs['requestor_email'] = 'example(a)redhat.com'
> @@ -1080,8 +1197,8 @@ def main():
>
> search_params = {'status': 'VALID'}
> cert_data_list = cert_client.list_certs(**search_params)
> - for cert_data_info in cert_data_list.cert_info_list:
> - print("Serial Number: " + cert_data_info.cert_id)
> + for cert_data_info in cert_data_list:
> + print("Serial Number: " + cert_data_info.serial_number)
> print("Subject DN: " + cert_data_info.subject_dn)
> print("Status: " + cert_data_info.status)
> print
> @@ -1099,7 +1216,8 @@ def main():
>
> # Certificate Serial Number used for CertClient methods.
> # 7, 0x7 and '0x7' are also valid values
> - # Following examples use the serial number of the user certificate enrolled
before.
> + # Following examples use the serial number of the user certificate enrolled
> + # before.
> cert_id = cert_data_infos[0].serial_number
>
> #Get certificate data
> @@ -1136,9 +1254,8 @@ def main():
> print('Revoking a certificate')
> print('----------------------')
>
> - cert_request_info = cert_client.revoke_cert(cert_data.serial_number,
> -
revocation_reason=CertRevokeRequest.REASON_CERTIFICATE_HOLD,
> - comments="Test revoking a
cert", nonce=cert_data.nonce)
> + cert_request_info = cert_client.hold_cert(cert_data.serial_number,
> + comments="Test revoking a
cert")
> print('Request ID: ' + cert_request_info.request_id)
> print('Request Type: ' + cert_request_info.request_type)
> print('Request Status: ' + cert_request_info.request_status)
> diff --git a/base/common/python/pki/profile.py b/base/common/python/pki/profile.py
> index
83cd8bcca0d9ad3841b0b6b74e2aa4a6724e5bbc..34aa32eca0554259f5aab9b17f33970de93d39fb 100644
> --- a/base/common/python/pki/profile.py
> +++ b/base/common/python/pki/profile.py
> @@ -14,12 +14,24 @@ import pki.account as account
>
> class ProfileDataInfo(object):
> """Stores information about a profile"""
> +
> def __init__(self):
> self.profile_id = None
> self.profile_name = None
> self.profile_description = None
> self.profile_url = None
>
> + def __repr__(self):
> + attributes = {
> + "ProfileDataInfo": {
> + 'profile_id': self.profile_id,
> + 'name': self.profile_name,
> + 'description': self.profile_description,
> + 'url': self.profile_url
> + }
> + }
> + return str(attributes)
> +
> @classmethod
> def from_json(cls, attr_list):
> profile_data_info = cls()
> @@ -41,15 +53,20 @@ class ProfileDataInfoCollection(object):
> self.profile_data_list = []
> self.links = []
>
> + def __iter__(self):
> + return iter(self.profile_data_list)
> +
> @classmethod
> def from_json(cls, json_value):
> ret = cls()
> profile_data_infos = json_value['entries']
> if not isinstance(profile_data_infos, types.ListType):
> -
ret.profile_data_list.append(ProfileDataInfo.from_json(profile_data_infos))
> + ret.profile_data_list.append(
> + ProfileDataInfo.from_json(profile_data_infos))
> else:
> for profile_info in profile_data_infos:
> -
ret.profile_data_list.append(ProfileDataInfo.from_json(profile_info))
> + ret.profile_data_list.append(
> + ProfileDataInfo.from_json(profile_info))
>
> links = json_value['Link']
> if not isinstance(links, types.ListType):
> @@ -64,10 +81,12 @@ class ProfileDataInfoCollection(object):
> class Descriptor(object):
> """
> This class represents the description of a ProfileAttribute.
> - It stores information such as the syntax, constraint and default value of a
profile attribute.
> + It stores information such as the syntax, constraint and default value of
> + a profile attribute.
> """
>
> - def __init__(self, syntax=None, constraint=None, description=None,
default_value=None):
> + def __init__(self, syntax=None, constraint=None, description=None,
> + default_value=None):
> self.syntax = syntax
> self.constraint = constraint
> self.description = description
> @@ -118,6 +137,7 @@ class ProfileAttribute(object):
> """
> Represents a profile attribute of a ProfileInput.
> """
> +
> def __init__(self, name=None, value=None, descriptor=None):
> self.name = name
> self.value = value
> @@ -158,8 +178,8 @@ class ProfileInput(object):
> Ex. Subject name, Requestor Information etc.
> """
>
> - def __init__(self, profile_input_id=None, class_id=None, name=None, text=None,
attributes=None,
> - config_attributes=None):
> + def __init__(self, profile_input_id=None, class_id=None, name=None,
> + text=None, attributes=None, config_attributes=None):
>
> self.profile_input_id = profile_input_id
> self.class_id = class_id
> @@ -261,17 +281,21 @@ class ProfileInput(object):
>
> attributes = json_value['Attribute']
> if not isinstance(attributes, types.ListType):
> -
profile_input.attributes.append(ProfileAttribute.from_json(attributes))
> + profile_input.attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for profile_info in attributes:
> -
profile_input.attributes.append(ProfileAttribute.from_json(profile_info))
> + profile_input.attributes.append(
> + ProfileAttribute.from_json(profile_info))
>
> config_attributes = json_value['ConfigAttribute']
> if not isinstance(config_attributes, types.ListType):
> -
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attributes))
> + profile_input.config_attributes.append(
> + ProfileAttribute.from_json(config_attributes))
> else:
> for config_attribute in config_attributes:
> -
profile_input.config_attributes.append(ProfileAttribute.from_json(config_attribute))
> + profile_input.config_attributes.append(
> + ProfileAttribute.from_json(config_attribute))
>
> return profile_input
>
> @@ -282,7 +306,8 @@ class ProfileOutput(object):
> using a profile.
> """
>
> - def __init__(self, profile_output_id=None, name=None, text=None, class_id=None,
attributes=None):
> + def __init__(self, profile_output_id=None, name=None, text=None,
> + class_id=None, attributes=None):
> self.profile_output_id = profile_output_id
> self.name = name
> self.text = text
> @@ -332,15 +357,16 @@ class ProfileOutput(object):
> profile_output.class_id = json_value['classId']
> attributes = json_value['attributes']
> if not isinstance(attributes, types.ListType):
> -
profile_output.attributes.append(ProfileAttribute.from_json(attributes))
> + profile_output.attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for profile_info in attributes:
> -
profile_output.attributes.append(ProfileAttribute.from_json(profile_info))
> + profile_output.attributes.append(
> + ProfileAttribute.from_json(profile_info))
> return profile_output
>
>
> class ProfileParameter(object):
> -
> def __init__(self, name=None, value=None):
> self.name = name
> self.value = value
> @@ -355,10 +381,12 @@ class ProfileParameter(object):
>
> class PolicyDefault(object):
> """
> - An object of this class contains information of the default usage of a specific
ProfileInput.
> + An object of this class contains information of the default usage of a
> + specific ProfileInput.
> """
>
> - def __init__(self, name=None, class_id=None, description=None,
policy_attributes=None, policy_params=None):
> + def __init__(self, name=None, class_id=None, description=None,
> + policy_attributes=None, policy_params=None):
> self.name = name
> self.class_id = class_id
> self.description = description
> @@ -415,24 +443,27 @@ class PolicyDefault(object):
> if 'policyAttribute' in json_value:
> attributes = json_value['policyAttribute']
> if not isinstance(attributes, types.ListType):
> -
policy_def.policy_attributes.append(ProfileAttribute.from_json(attributes))
> + policy_def.policy_attributes.append(
> + ProfileAttribute.from_json(attributes))
> else:
> for attr in attributes:
> -
policy_def.policy_attributes.append(ProfileAttribute.from_json(attr))
> + policy_def.policy_attributes.append(
> + ProfileAttribute.from_json(attr))
>
> if 'params' in json_value:
> params = json_value['params']
> if not isinstance(params, types.ListType):
> -
policy_def.policy_params.append(ProfileParameter.from_json(params))
> + policy_def.policy_params.append(
> + ProfileParameter.from_json(params))
> else:
> for param in params:
> -
policy_def.policy_params.append(ProfileParameter.from_json(param))
> + policy_def.policy_params.append(
> + ProfileParameter.from_json(param))
>
> return policy_def
>
>
> class PolicyConstraintValue(object):
> -
> def __init__(self, name=None, value=None, descriptor=None):
> self.name = name
> self.value = value
> @@ -460,11 +491,12 @@ class PolicyConstraintValue(object):
>
> class PolicyConstraint(object):
> """
> - An object of this class contains the policy constraints applied to a
ProfileInput
> - used by a certificate enrollment request.
> + An object of this class contains the policy constraints applied to a
> + ProfileInput used by a certificate enrollment request.
> """
>
> - def __init__(self, name=None, description=None, class_id=None,
policy_constraint_values=None):
> + def __init__(self, name=None, description=None, class_id=None,
> + policy_constraint_values=None):
> self.name = name
> self.description = description
> self.class_id = class_id
> @@ -509,10 +541,12 @@ class PolicyConstraint(object):
> if 'constraint' in json_value:
> constraints = json_value['constraint']
> if not isinstance(constraints, types.ListType):
> -
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraints))
> + policy_constraint.policy_constraint_values.append(
> + PolicyConstraintValue.from_json(constraints))
> else:
> for constraint in constraints:
> -
policy_constraint.policy_constraint_values.append(PolicyConstraintValue.from_json(constraint))
> + policy_constraint.policy_constraint_values.append(
> + PolicyConstraintValue.from_json(constraint))
>
> return policy_constraint
>
> @@ -520,11 +554,13 @@ class PolicyConstraint(object):
> class ProfilePolicy(object):
> """
> This class represents the policy a profile adheres to.
> - An object of this class stores the default values for profile and the
constraints present on the
> - values of the attributes of the profile submitted for an enrollment request.
> + An object of this class stores the default values for profile and the
> + constraints present on the values of the attributes of the profile submitted
> + for an enrollment request.
> """
>
> - def __init__(self, policy_id=None, policy_default=None,
policy_constraint=None):
> + def __init__(self, policy_id=None, policy_default=None,
> + policy_constraint=None):
> self.policy_id = policy_id
> self.policy_default = policy_default
> self.policy_constraint = policy_constraint
> @@ -563,6 +599,7 @@ class ProfilePolicySet(object):
> """
> Stores a list of ProfilePolicy objects.
> """
> +
> def __init__(self):
> self.policies = []
>
> @@ -585,6 +622,7 @@ class PolicySet(object):
> An object of this class contains a name value pair of the
> policy name and the ProfilePolicy object.
> """
> +
> def __init__(self, name=None, policy_list=None):
> self.name = name
> if policy_list is None:
> @@ -620,6 +658,8 @@ class PolicySet(object):
> for policy in policies:
> policy_set.policy_list.append(ProfilePolicy.from_json(policy))
>
> + return policy_set
> +
>
> class PolicySetList(object):
> """
> @@ -648,7 +688,8 @@ class PolicySetList(object):
> policy_set_list.policy_sets.append(PolicySet.from_json(policy_sets))
> else:
> for policy_set in policy_sets:
> -
policy_set_list.policy_sets.append(PolicySet.from_json(policy_set))
> + policy_set_list.policy_sets.append(
> + PolicySet.from_json(policy_set))
>
>
> class ProfileData(object):
> @@ -656,9 +697,11 @@ class ProfileData(object):
> This class represents an enrollment profile.
> """
>
> - def __init__(self, profile_id=None, class_id=None, name=None, description=None,
enabled=None, visible=None,
> - enabled_by=None, authenticator_id=None, authorization_acl=None,
renewal=None, xml_output=None,
> - inputs=None, outputs=None, policy_sets=None, link=None):
> + def __init__(self, profile_id=None, class_id=None, name=None,
> + description=None, enabled=None, visible=None, enabled_by=None,
> + authenticator_id=None, authorization_acl=None, renewal=None,
> + xml_output=None, inputs=None, outputs=None, policy_sets=None,
> + link=None):
>
> self.profile_id = profile_id
> self.name = name
> @@ -779,31 +822,49 @@ class ProfileData(object):
> profile_data.inputs.append(ProfileInput.from_json(profile_inputs))
> else:
> for profile_input in profile_inputs:
> -
profile_data.policy_sets.append(ProfileInput.from_json(profile_input))
> + profile_data.inputs.append(
> + ProfileInput.from_json(profile_input))
>
> profile_outputs = json_value['Output']
> if not isinstance(profile_outputs, types.ListType):
> - profile_data.outputs.append(ProfileOutput.from_json(profile_outputs))
> + profile_data.outputs.append(
> + ProfileOutput.from_json(profile_outputs))
> else:
> for profile_output in profile_outputs:
> -
profile_data.policy_sets.append(ProfileOutput.from_json(profile_output))
> + profile_data.outputs.append(
> + ProfileOutput.from_json(profile_output))
>
> policy_sets = json_value['PolicySets']
> if not isinstance(policy_sets, types.ListType):
> - profile_data.policy_sets.append(PolicySetList.from_json(policy_sets))
> + profile_data.policy_sets.append(
> + PolicySetList.from_json(policy_sets))
> else:
> for policy_set in policy_sets:
> -
profile_data.policy_sets.append(PolicySetList.from_json(policy_set))
> + profile_data.policy_sets.append(
> + PolicySetList.from_json(policy_set))
>
> profile_data.link = pki.Link.from_json(json_value['link'])
>
> return profile_data
>
> + def __repr__(self):
> + attributes = {
> + "ProfileData": {
> + 'profile_id': self.profile_id,
> + 'name': self.name,
> + 'description': self.description,
> + 'status': ('enabled' if self.enabled else
'disabled'),
> + 'visible': self.visible
> + }
> + }
> + return str(attributes)
> +
>
> class ProfileClient(object):
> """
> This class consists of methods for accessing the ProfileResource.
> """
> +
> def __init__(self, connection):
> self.connection = connection
> self.headers = {'Content-type': 'application/json',
> @@ -856,7 +917,8 @@ class ProfileClient(object):
> if profile_id is None:
> raise ValueError("Profile ID must be specified.")
> if action is None:
> - raise ValueError("A valid action(enable/disable) must be
specified.")
> + raise ValueError("A valid action(enable/disable) must be "
> + "specified.")
>
> url = self.profiles_url + '/' + str(profile_id)
> params = {'action': action}
> @@ -881,7 +943,8 @@ def main():
> # Initialize a PKIConnection object for the CA
> connection = client.PKIConnection('https', 'localhost',
'8443', 'ca')
>
> - # The pem file used for authentication. Created from a p12 file using the
command -
> + # The pem file used for authentication. Created from a p12 file using the
> + # command -
> # openssl pkcs12 -in <p12_file_path> -out /tmp/auth.pem -nodes
> connection.set_authentication_cert("/tmp/auth.pem")
>
> @@ -892,7 +955,7 @@ def main():
> profile_data_infos = profile_client.list_profiles()
> print('List of profiles:')
> print('-----------------')
> - for profile_data_info in profile_data_infos.profile_data_list:
> + for profile_data_info in profile_data_infos:
> print(' Profile ID: ' + profile_data_info.profile_id)
> print(' Profile Name: ' + profile_data_info.profile_name)
> print(' Profile Description: ' +
profile_data_info.profile_description)
> --
> 1.8.5.3
>
3854
days inactive
3859
days old
8 comments
3 participants
participants (3)
-
Abhishek Koneru -
Ade Lee -
Fraser Tweedale