[Pki-devel] [PATCH] 99 Fixes for trac tickets 1040 and 1041 (Related to refactoring python modules)
Fraser Tweedale
ftweedal at redhat.com
Fri Jun 27 06:25:49 UTC 2014
On Thu, Jun 26, 2014 at 12:27:42AM -0400, Abhishek Koneru wrote:
> Please review the attached patch with fixes for tickets 1040 and 1041.
>
I haven't yet tested the KRA aspects but the pki.cert test ran
perfectly. Other comments follow.
> Changes made:
>
> -- Added dictionaries with mapping for python attribute names and
> JSON attribute names received from the server.
>
The ``for k, v in attr_list.items(): ...`` pattern happens in a lot
of places - might be worth extracting it, though that needn't be
done immediately.
> -- Made changes to from_json methods in data classes to take care of
> missing attributes in the JSON string. (#1040 - caused due to missing
> attribute in the JSON value of the CertData object when tested by Endi).
>
> -- Renamed kraclient module to kra. (#1041). updated import in
> drmtest.py.
>
> -- Removed the usage of properties in the some classes. The reverse
> conversion of atribute names from _separated names to camelCase is done
> using the name mapping dictionaries in the classes and a static method
> added in CustomEncoder in the encoder module.
>
> -- Fixed some issues in drmtest.py.
>
Looks like you also need to update drmtest.readme.txt to reflect
these changes.
> -- Updated the license string in the files.
>
> Note: The following changes are limited to cert and key modules. Similar
> changes will be made to profile module once it is completely checked in.
>
> Tested the code by running cert and drmtest modules.
>
> -- Abhishek
> >From 03a4231192b75021054b3575b21e4b363c353bb1 Mon Sep 17 00:00:00 2001
> From: Abhishek Koneru <akoneru at redhat.com>
> Date: Tue, 24 Jun 2014 09:37:07 -0400
> Subject: [PATCH] Fixes for #1040 and #1041 in cert and key python modules
>
> Ticket 1040 - Perform null checks on JSON attributes.
> Ticket 1041 - Rename module kraclient to kra.
>
> Also refactored the code in cert module removing the usage of
> property. Achieved the conversion of names(camelCase to '_' separated )
> using a dictionaries in the objects. The default method in encoder module
> has also been modified to perform the reverse conversion.
>
> Conflicts:
> base/common/python/pki/key.py
> ---
> base/common/python/pki/cert.py | 370 ++++++++----------------
> base/common/python/pki/encoder.py | 13 +-
> base/common/python/pki/key.py | 71 ++---
> base/common/python/pki/{kraclient.py => kra.py} | 0
> base/kra/functional/drmtest.py | 73 +++--
> 5 files changed, 217 insertions(+), 310 deletions(-)
> rename base/common/python/pki/{kraclient.py => kra.py} (100%)
>
> diff --git a/base/common/python/pki/cert.py b/base/common/python/pki/cert.py
> index 036bbf4e31d2f75118949395b539aa7fa0007eef..6793b16ede8552993e6305cfc76724ba0f788b3b 100644
> --- a/base/common/python/pki/cert.py
> +++ b/base/common/python/pki/cert.py
> @@ -1,8 +1,25 @@
> #!/usr/bin/python
> """
> -Created on Feb 13, 2014
> + This program is free software; you can redistribute it and/or modify
> + it under the terms of the GNU General Public License as published by
> + the Free Software Foundation; version 2 of the License.
> +
> + This program is distributed in the hope that it will be useful,
> + but WITHOUT ANY WARRANTY; without even the implied warranty of
> + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + GNU General Public License for more details.
> +
> + You should have received a copy of the GNU General Public License along
> + with this program; if not, write to the Free Software Foundation, Inc.,
> + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> +
> + Copyright (C) 2014 Red Hat, Inc.
> + All rights reserved.
> +
> +Authors:
> + Abhishek Koneru <akoneru at redhat.com>
> + Ade Lee <alee at redhat.com>
>
> - at author: akoneru
> """
> import copy
> import json
> @@ -19,8 +36,17 @@ class CertData(object):
> Class containing certificate data as returned from getCert()
> """
>
> + json_attribute_names = {
> + 'id': 'serial_number', 'IssuerDN': 'issuer_dn',
> + 'SubjectDN': 'subject_dn', 'PrettyPrint': 'pretty_repr',
> + 'Encoded': 'encoded', 'NotBefore': 'not_before',
> + 'NotAfter': 'not_after', 'Status': 'status', 'Nonce': 'nonce',
> + 'Link': 'link', 'PKCS7CertChain': 'pkcs7_cert_chain'
> + }
> +
> def __init__(self):
> - """ Constructor """
> + """Constructor"""
> +
> self.serial_number = None
> self.issuer_dn = None
> self.subject_dn = None
> @@ -47,20 +73,17 @@ class CertData(object):
> def from_json(cls, attr_list):
> """ Return CertData object from JSON dict """
> cert_data = cls()
> - cert_data.serial_number = attr_list['id']
> - cert_data.issuer_dn = attr_list['IssuerDN']
> - cert_data.subject_dn = attr_list['SubjectDN']
> - cert_data.pretty_repr = attr_list['PrettyPrint']
> - cert_data.encoded = attr_list['Encoded']
> - cert_data.pkcs7_cert_chain = attr_list['PKCS7CertChain']
> - cert_data.not_before = attr_list['NotBefore']
> - cert_data.not_after = attr_list['NotAfter']
> - cert_data.status = attr_list['Status']
> - cert_data.link = pki.Link.from_json(attr_list['Link'])
>
> - #Special case. Only returned when reviewing a cert.
> - if 'Nonce' in attr_list:
> - cert_data.nonce = attr_list['Nonce']
> + for k, v in attr_list.items():
> + if k not in ['Link']:
> + if k in CertData.json_attribute_names:
> + setattr(cert_data, CertData.json_attribute_names[k], v)
> + else:
> + setattr(cert_data, k, v)
> +
> + if 'Link' in attr_list:
> + cert_data.link = pki.Link.from_json(attr_list['Link'])
> +
> return cert_data
>
>
> @@ -70,6 +93,14 @@ class CertDataInfo(object):
> This data is returned when searching/listing certificate records.
> """
>
> + json_attribute_names = {
> + 'id': 'serial_number', 'SubjectDN': 'subject_dn', 'Status': 'status',
> + 'Type': 'type', 'Version': 'version', 'KeyLength': 'key_length',
> + 'KeyAlgorithmOID': 'key_algorithm_oid', 'Link': 'link',
> + 'NotValidBefore': 'not_valid_before',
> + 'NotValidAfter': 'not_valid_after', 'IssuedOn': 'issued_on',
> + 'IssuedBy': 'issued_by'}
> +
> def __init__(self):
> """ Constructor """
> self.serial_number = None
> @@ -99,18 +130,16 @@ class CertDataInfo(object):
> def from_json(cls, attr_list):
> """ Return CertDataInfo object from JSON dict """
> cert_data_info = cls()
> - cert_data_info.serial_number = attr_list['id']
> - cert_data_info.subject_dn = attr_list['SubjectDN']
> - cert_data_info.status = attr_list['Status']
> - cert_data_info.type = attr_list['Type']
> - cert_data_info.version = attr_list['Version']
> - cert_data_info.key_algorithm_oid = attr_list['KeyAlgorithmOID']
> - cert_data_info.key_length = attr_list['KeyLength']
> - cert_data_info.not_valid_before = attr_list['NotValidBefore']
> - cert_data_info.not_valid_after = attr_list['NotValidAfter']
> - cert_data_info.issued_on = attr_list['IssuedOn']
> - cert_data_info.issued_by = attr_list['IssuedBy']
> - cert_data_info.link = pki.Link.from_json(attr_list['Link'])
> + for k, v in attr_list.items():
> + if k not in ['Link']:
> + if k in CertDataInfo.json_attribute_names:
> + setattr(cert_data_info,
> + CertDataInfo.json_attribute_names[k], v)
> + else:
> + setattr(cert_data_info, k, v)
> +
> + if 'Link' in attr_list:
> + cert_data_info.link = pki.Link.from_json(attr_list['Link'])
>
> return cert_data_info
>
> @@ -157,6 +186,12 @@ class CertRequestInfo(object):
> An object of this class stores represents a
> certificate request.
> """
> + json_attribute_names = {
> + 'requestType': 'request_type', 'requestURL': 'request_url',
> + 'requestStatus': 'request_status', 'certId': 'cert_id',
> + 'operationResult': 'operation_result', 'certURL': 'cert_url',
> + 'errorMessage': 'error_message', 'certRequestType': 'cert_request_type'
> + }
>
> def __init__(self):
> """ Constructor """
> @@ -184,22 +219,18 @@ class CertRequestInfo(object):
> @classmethod
> def from_json(cls, attr_list):
> cert_request_info = cls()
> - cert_request_info.request_type = attr_list['requestType']
> - cert_request_info.request_url = attr_list['requestURL']
> - cert_request_info.request_status = attr_list['requestStatus']
> - cert_request_info.operation_result = attr_list['operationResult']
> +
> + for k, v in attr_list.items():
> + if k not in ['Link']:
> + if k in CertRequestInfo.json_attribute_names:
> + setattr(cert_request_info,
> + CertRequestInfo.json_attribute_names[k], v)
> + else:
> + setattr(cert_request_info, k, v)
> +
> cert_request_info.request_id = \
> str(cert_request_info.request_url)[(str(
> cert_request_info.request_url).rfind("/") + 1):]
> - #Optional parameters
> - if 'certId' in attr_list:
> - cert_request_info.cert_id = attr_list['certId']
> - if 'certURL' in attr_list:
> - cert_request_info.cert_url = attr_list['certURL']
> - if 'certRequestType' in attr_list:
> - cert_request_info.cert_request_type = attr_list['certRequestType']
> - if 'errorMessage' in attr_list:
> - cert_request_info.error_message = attr_list['errorMessage']
>
> return cert_request_info
>
> @@ -376,6 +407,13 @@ class CertEnrollmentRequest(object):
> enrollment request.
> """
>
> + json_attribute_names = {
> + 'ProfileID': 'profile_id', 'Renewal': 'renewal',
> + 'SerialNumber': 'serial_number', 'RemoteHost': 'remote_host',
> + 'RemoteAddress': 'remote_address', 'Input': 'inputs',
> + 'Output': 'outputs'
> + }
> +
> def __init__(self, profile_id=None, renewal=False, serial_number=None,
> remote_host=None, remote_address=None, inputs=None,
> outputs=None):
> @@ -387,64 +425,12 @@ class CertEnrollmentRequest(object):
> self.remote_address = remote_address
> if inputs is None:
> self.inputs = []
> + else:
> + self.inputs = inputs
> if outputs is None:
> self.outputs = []
> -
> - @property
> - def profile_id(self):
> - return getattr(self, 'ProfileID', None)
> -
> - @profile_id.setter
> - def profile_id(self, value):
> - setattr(self, 'ProfileID', value)
> -
> - @property
> - def renewal(self):
> - return getattr(self, 'Renewal', False)
> -
> - @renewal.setter
> - def renewal(self, value):
> - setattr(self, 'Renewal', value)
> -
> - @property
> - def serial_number(self):
> - return getattr(self, 'SerialNumber', None)
> -
> - @serial_number.setter
> - def serial_number(self, value):
> - setattr(self, 'SerialNumber', value)
> -
> - @property
> - def remote_host(self):
> - return getattr(self, 'RemoteHost', None)
> -
> - @remote_host.setter
> - def remote_host(self, value):
> - setattr(self, 'RemoteHost', value)
> -
> - @property
> - def remote_address(self):
> - return getattr(self, 'RemoteAddress', None)
> -
> - @remote_address.setter
> - def remote_address(self, value):
> - setattr(self, 'RemoteAddress', value)
> -
> - @property
> - def inputs(self):
> - return getattr(self, 'Input')
> -
> - @inputs.setter
> - def inputs(self, value):
> - setattr(self, 'Input', value)
> -
> - @property
> - def outputs(self):
> - return getattr(self, 'Output')
> -
> - @outputs.setter
> - def outputs(self, value):
> - setattr(self, 'Output', value)
> + else:
> + self.outputs = outputs
>
> def add_input(self, profile_input):
> self.inputs.append(profile_input)
> @@ -479,19 +465,19 @@ class CertEnrollmentRequest(object):
> return None
>
> @classmethod
> - def from_json(cls, json_value):
> + def from_json(cls, attr_list):
> +
> enroll_request = cls()
>
> - enroll_request.profile_id = json_value['ProfileID']
> - enroll_request.renewal = json_value['Renewal']
> - if 'SerialNumber' in json_value:
> - enroll_request.serial_number = json_value['SerialNumber']
> - if 'RemoteHost' in json_value:
> - enroll_request.remote_host = json_value['RemoteHost']
> - if 'RemoteAddress' in json_value:
> - enroll_request.remote_address = json_value['RemoteAddress']
> + for k, v in attr_list.items():
> + if k not in ['Input', 'Output']:
> + if k in CertEnrollmentRequest.json_attribute_names:
> + setattr(enroll_request,
> + CertEnrollmentRequest.json_attribute_names[k], v)
> + else:
> + setattr(enroll_request, k, v)
>
> - inputs = json_value['Input']
> + inputs = attr_list['Input']
> if not isinstance(inputs, types.ListType):
> enroll_request.inputs.append(profile.ProfileInput.from_json(inputs))
> else:
> @@ -499,7 +485,7 @@ class CertEnrollmentRequest(object):
> enroll_request.inputs.append(
> profile.ProfileInput.from_json(profile_input))
>
> - outputs = json_value['Output']
> + outputs = attr_list['Output']
> if not isinstance(outputs, types.ListType):
> enroll_request.outputs.append(
> profile.ProfileOutput.from_json(outputs))
> @@ -518,6 +504,23 @@ class CertReviewResponse(CertEnrollmentRequest):
> It contains a nonce required to perform action on the request.
> """
>
> + json_attribute_names = dict(
> + CertEnrollmentRequest.json_attribute_names.items() + {
> + 'requestId': 'request_id', 'requestType': 'request_type',
> + 'requestStatus': 'request_status', 'requestOwner': 'request_owner',
> + 'requestCreationTime': 'request_creation_time',
> + 'requestNotes': 'request_notes',
> + 'requestModificationTime': 'request_modification_time',
> + 'profileApprovedBy': 'profile_approved_by',
> + 'profileSetId': 'profile_set_id', 'profileName': 'profile_name',
> + 'profileIsVisible': 'profile_is_visible',
> + 'profileDescription': 'profile_description',
> + 'profileRemoteHost': 'profile_remote_host',
> + 'profileRemoteAddr': 'profile_remote_address',
> + 'ProfilePolicySet': 'policy_sets'
> + }.items()
> + )
> +
> def __init__(self, profile_id=None, renewal=False, serial_number=None,
> remote_host=None, remote_address=None, inputs=None,
> outputs=None, nonce=None, request_id=None, request_type=None,
> @@ -554,151 +557,22 @@ class CertReviewResponse(CertEnrollmentRequest):
> else:
> self.policy_sets = policy_sets
>
> - @property
> - def request_id(self):
> - return getattr(self, 'requestId')
> -
> - @request_id.setter
> - def request_id(self, value):
> - setattr(self, 'requestId', value)
> -
> - @property
> - def request_type(self):
> - return getattr(self, 'requestType')
> -
> - @request_type.setter
> - def request_type(self, value):
> - setattr(self, 'requestType', value)
> -
> - @property
> - def request_status(self):
> - return getattr(self, 'requestStatus')
> -
> - @request_status.setter
> - def request_status(self, value):
> - setattr(self, 'requestStatus', value)
> -
> - @property
> - def request_owner(self):
> - return getattr(self, 'requestOwner')
> -
> - @request_owner.setter
> - def request_owner(self, value):
> - setattr(self, 'requestOwner', value)
> -
> - @property
> - def request_creation_time(self):
> - return getattr(self, 'requestCreationTime')
> -
> - @request_creation_time.setter
> - def request_creation_time(self, value):
> - setattr(self, 'requestCreationTime', value)
> -
> - @property
> - def request_modification_time(self):
> - return getattr(self, 'requestModificationTime')
> -
> - @request_modification_time.setter
> - def request_modification_time(self, value):
> - setattr(self, 'requestModificationTime', value)
> -
> - @property
> - def request_notes(self):
> - return getattr(self, 'requestNotes')
> -
> - @request_notes.setter
> - def request_notes(self, value):
> - setattr(self, 'requestNotes', value)
> -
> - @property
> - def profile_approved_by(self):
> - return getattr(self, 'profileApprovedBy')
> -
> - @profile_approved_by.setter
> - def profile_approved_by(self, value):
> - setattr(self, 'profileApprovedBy', value)
> -
> - @property
> - def profile_set_id(self):
> - return getattr(self, 'profileSetId')
> -
> - @profile_set_id.setter
> - def profile_set_id(self, value):
> - setattr(self, 'profileSetId', value)
> -
> - @property
> - def profile_is_visible(self):
> - return getattr(self, 'profileIsVisible')
> -
> - @profile_is_visible.setter
> - def profile_is_visible(self, value):
> - setattr(self, 'profileIsVisible', value)
> -
> - @property
> - def profile_name(self):
> - return getattr(self, 'profileName')
> -
> - @profile_name.setter
> - def profile_name(self, value):
> - setattr(self, 'profileName', value)
> -
> - @property
> - def profile_description(self):
> - return getattr(self, 'profileDescription')
> -
> - @profile_description.setter
> - def profile_description(self, value):
> - setattr(self, 'profileDescription', value)
> -
> - @property
> - def profile_remote_host(self):
> - return getattr(self, 'profileRemoteHost')
> -
> - @profile_remote_host.setter
> - def profile_remote_host(self, value):
> - setattr(self, 'profileRemoteHost', value)
> -
> - @property
> - def profile_remote_address(self):
> - return getattr(self, 'profileRemoteAddr')
> -
> - @profile_remote_address.setter
> - def profile_remote_address(self, value):
> - setattr(self, 'profileRemoteAddr', value)
> -
> - @property
> - def policy_sets(self):
> - return getattr(self, 'ProfilePolicySet')
> -
> - @policy_sets.setter
> - def policy_sets(self, value):
> - setattr(self, 'ProfilePolicySet', value)
> -
> @classmethod
> - def from_json(cls, json_value):
> + def from_json(cls, attr_list):
>
> #First read the values for attributes defined in CertEnrollmentRequest
> - review_response = super(CertReviewResponse, cls).from_json(json_value)
> + review_response = super(CertReviewResponse, cls).from_json(attr_list)
>
> - review_response.nonce = json_value['nonce']
> - review_response.request_id = json_value['requestId']
> - review_response.request_type = json_value['requestType']
> - review_response.request_status = json_value['requestStatus']
> - review_response.request_owner = json_value['requestOwner']
> - review_response.request_creation_time = \
> - json_value['requestCreationTime']
> - review_response.request_modification_time = \
> - json_value['requestModificationTime']
> - review_response.request_notes = json_value['requestNotes']
> - review_response.profile_approved_by = json_value['profileApprovedBy']
> - review_response.profile_set_id = json_value['profileSetId']
> - review_response.profile_is_visible = json_value['profileIsVisible']
> - review_response.profile_name = json_value['profileName']
> - review_response.profile_description = json_value['profileDescription']
> - review_response.profile_remote_host = json_value['profileRemoteHost']
> - review_response.profile_remote_address = json_value['profileRemoteAddr']
> + for k, v in attr_list.items():
> + if k not in ['ProfilePolicySet'] and \
> + k not in CertEnrollmentRequest.json_attribute_names:
> + if k in CertReviewResponse.json_attribute_names:
> + setattr(review_response,
> + CertReviewResponse.json_attribute_names[k], v)
> + else:
> + setattr(review_response, k, v)
>
> - profile_policy_sets = json_value['ProfilePolicySet']
> + profile_policy_sets = attr_list['ProfilePolicySet']
> if not isinstance(profile_policy_sets, types.ListType):
> review_response.policy_sets.append(
> profile.ProfilePolicySet.from_json(profile_policy_sets))
> diff --git a/base/common/python/pki/encoder.py b/base/common/python/pki/encoder.py
> index 0ed194d0da140098ef5675adbe77811f29af5d6b..06a23250ed6f1a2835d2ac830f6b653a6f9ec0ee 100644
> --- a/base/common/python/pki/encoder.py
> +++ b/base/common/python/pki/encoder.py
> @@ -36,9 +36,20 @@ class CustomTypeEncoder(json.JSONEncoder):
> return {k: obj.__dict__}
> for k, v in NOTYPES.items():
> if isinstance(obj, v):
> - return obj.__dict__
> + return self.attr_name_conversion(obj.__dict__, v)
> return json.JSONEncoder.default(self, obj)
>
> + @staticmethod
> + def attr_name_conversion(attr_dict, object_class):
> + if not hasattr(object_class, 'json_attribute_names'):
> + return attr_dict
> + for k, v in object_class.json_attribute_names.items():
> + if v in attr_dict:
> + value = attr_dict[v]
> + del attr_dict[v]
> + attr_dict[k] = value
(non-blocker) Could replace above three lines with:
attr_dict[k] = attr_dict.pop(v)
> + return attr_dict
> +
>
> def CustomTypeDecoder(dct):
> if len(dct) == 1:
> diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
> index 5a24c2a31e923c8befa00f578858f1bb02d661ef..42f21ae677574c9c9accc4bb5ceb66264adba633 100644
> --- a/base/common/python/pki/key.py
> +++ b/base/common/python/pki/key.py
> @@ -1,7 +1,4 @@
> #!/usr/bin/python
> -# Authors:
> -# Abhishek Koneru <akoneru at redhat.com>
> -# Ade Lee <alee at redhat.com>
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License as published by
> @@ -19,6 +16,10 @@
> # Copyright (C) 2013 Red Hat, Inc.
> # All rights reserved.
> #
> +# Authors:
> +# Abhishek Koneru <akoneru at redhat.com>
> +# Ade Lee <alee at redhat.com>
> +#
> """
> Module containing the Python client classes for the KeyClient and
> KeyRequestClient REST API on a DRM
> @@ -32,17 +33,6 @@ import pki
> import pki.encoder as encoder
>
>
> -#pylint: disable-msg=R0903
> -class KeyId(object):
> - """
> - Class representing a key ID
> - """
> -
> - def __init__(self, key_id=None):
> - """ Constructor """
> - self.value = key_id
> -
> -
> #should be moved to request.py
> #pylint: disable-msg=R0903
> class RequestId(object):
> @@ -63,6 +53,10 @@ class KeyData(object):
> to send information of the key in the key retrieval requests.
> """
>
> + json_attribute_names = {
> + 'nonceData': 'nonce_data', 'wrappedPrivateData': 'wrapped_private_data'
> + }
> +
> # pylint: disable-msg=C0103
> def __init__(self):
> """ Constructor """
> @@ -75,10 +69,11 @@ class KeyData(object):
> def from_json(cls, attr_list):
> """ Return a KeyData object from a JSON dict """
> key_data = cls()
> - key_data.algorithm = attr_list['algorithm']
> - key_data.nonce_data = attr_list['nonceData']
> - key_data.size = attr_list['size']
> - key_data.wrapped_private_data = attr_list['wrappedPrivateData']
> + for k, v in attr_list.items():
> + if k in KeyData.json_attribute_names:
> + setattr(key_data, KeyData.json_attribute_names[k], v)
> + else:
> + setattr(key_data, k, v)
> return key_data
>
>
> @@ -108,6 +103,11 @@ class KeyInfo(object):
> contain the secret itself.
> """
>
> + json_attribute_names = {
> + 'clientKeyID': 'client_key_id', 'keyURL': 'key_url',
> + 'ownerName': 'owner_name'
> + }
> +
> # pylint: disable-msg=C0103
> def __init__(self):
> """ Constructor """
> @@ -122,12 +122,11 @@ class KeyInfo(object):
> def from_json(cls, attr_list):
> """ Return KeyInfo from JSON dict """
> key_info = cls()
> - key_info.client_key_id = attr_list['clientKeyID']
> - key_info.key_url = attr_list['keyURL']
> - key_info.algorithm = attr_list['algorithm']
> - key_info.status = attr_list['status']
> - key_info.owner_name = attr_list['ownerName']
> - key_info.size = attr_list['size']
> + for k, v in attr_list.items():
> + if k in KeyInfo.json_attribute_names:
> + setattr(key_info, KeyInfo.json_attribute_names[k], v)
> + else:
> + setattr(key_info, k, v)
> return key_info
>
> def get_key_id(self):
> @@ -169,6 +168,11 @@ class KeyRequestInfo(object):
> key generation etc.) in the DRM.
> """
>
> + json_attribute_names = {
> + 'requestURL': 'request_url', 'requestType': 'request_type',
> + 'keyURL': 'key_url', 'requestStatus': 'request_status'
> + }
> +
> # pylint: disable-msg=C0103
> def __init__(self):
> """ Constructor """
> @@ -181,27 +185,28 @@ class KeyRequestInfo(object):
> def from_json(cls, attr_list):
> """ Return a KeyRequestInfo object from a JSON dict. """
> key_request_info = cls()
> - key_request_info.request_url = attr_list['requestURL']
> - key_request_info.request_type = attr_list['requestType']
> + for k, v in attr_list.items():
> + if k in KeyRequestInfo.json_attribute_names:
> + setattr(key_request_info,
> + KeyRequestInfo.json_attribute_names[k], v)
> + else:
> + setattr(key_request_info, k, v)
>
> - if 'keyURL' in attr_list:
> - key_request_info.key_url = attr_list['keyURL']
>
> - key_request_info.request_status = attr_list['requestStatus']
> return key_request_info
>
> def get_request_id(self):
> """ Return the request ID by parsing the request URL. """
> if self.request_url is not None:
> - indx = str(self.request_url).rfind("/") + 1
> - return str(self.request_url)[indx:]
> + index = str(self.request_url).rfind("/") + 1
> + return str(self.request_url)[index:]
> return None
>
> def get_key_id(self):
> """ Return the ID of the secret referred to by this request. """
> if self.key_url is not None:
> - indx = str(self.key_url).rfind("/") + 1
> - return str(self.key_url)[indx:]
> + index = str(self.key_url).rfind("/") + 1
> + return str(self.key_url)[index:]
> return None
>
>
> diff --git a/base/common/python/pki/kraclient.py b/base/common/python/pki/kra.py
> similarity index 100%
> rename from base/common/python/pki/kraclient.py
> rename to base/common/python/pki/kra.py
> diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
> index 0fff95c2e3a8d1e7c7414bb0c7c5b568006957fa..9ef096194793a37f7ed3290d43e58a366522f718 100644
> --- a/base/kra/functional/drmtest.py
> +++ b/base/kra/functional/drmtest.py
> @@ -1,21 +1,23 @@
> -# Authors:
> -# Ade Lee <alee at redhat.com>
> -#
> -# Copyright (C) 2012 Red Hat
> -# see file 'COPYING' for use and warranty information
> +#!/usr/bin/python
> #
> # This program is free software; you can redistribute it and/or modify
> # it under the terms of the GNU General Public License as published by
> -# the Free Software Foundation, either version 3 of the License, or
> -# (at your option) any later version.
> +# the Free Software Foundation; version 2 of the License.
> #
> # This program is distributed in the hope that it will be useful,
> # but WITHOUT ANY WARRANTY; without even the implied warranty of
> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> # GNU General Public License for more details.
> #
> -# You should have received a copy of the GNU General Public License
> -# along with this program. If not, see <http://www.gnu.org/licenses/>.
> +# You should have received a copy of the GNU General Public License along
> +# with this program; if not, write to the Free Software Foundation, Inc.,
> +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> +#
> +# Copyright (C) 2013 Red Hat, Inc.
> +# All rights reserved.
> +#
> +# Authors:
> +# Ade Lee <alee at redhat.com>
>
> """
> =========================================================================
> @@ -36,7 +38,7 @@ import pki.key as key
> import time
>
> from pki.client import PKIConnection
> -from pki.kraclient import KRAClient
> +from pki.kra import KRAClient
>
>
> def print_key_request(request):
> @@ -44,7 +46,7 @@ def print_key_request(request):
> print "RequestURL: " + str(request.request_url)
> print "RequestType: " + str(request.request_type)
> print "RequestStatus: " + str(request.request_status)
> - print "KeyURL: " + str(request.keyURL)
> + print "KeyURL: " + str(request.key_url)
>
>
> def print_key_info(key_info):
> @@ -62,7 +64,8 @@ def print_key_data(key_data):
> print "Key Algorithm: " + str(key_data.algorithm)
> print "Key Size: " + str(key_data.size)
> print "Nonce Data: " + base64.encodestring(key_data.nonce_data)
> - print "Wrapped Private Data: " + base64.encodestring(key_data.encrypted_data)
> + print "Wrapped Private Data: " + \
> + base64.encodestring(key_data.encrypted_data)
> if key_data.data is not None:
> print "Private Data: " + base64.encodestring(key_data.data)
>
> @@ -72,12 +75,13 @@ def main():
>
> # set up the connection to the DRM, including authentication credentials
> connection = PKIConnection('https', 'localhost', '8443', 'kra')
> - connection.set_authentication_cert('/tmp/temp4.pem')
> + connection.set_authentication_cert('/tmp/auth.pem')
>
> # create an NSS DB for crypto operations
> certdb_dir = "/tmp/drmtest-certdb"
> certdb_password = "redhat123"
> - cryptoutil.NSSCryptoUtil.setup_database(certdb_dir, certdb_password, over_write=True)
> + cryptoutil.NSSCryptoUtil.setup_database(certdb_dir, certdb_password,
> + over_write=True)
>
> #create kraclient
> crypto = cryptoutil.NSSCryptoUtil(certdb_dir, certdb_password)
> @@ -87,7 +91,9 @@ def main():
> # Get transport cert and insert in the certdb
> transport_nick = "kra transport cert"
> transport_cert = kraclient.system_certs.get_transport_cert()
> - tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len(pki.CERT_FOOTER)]
> + print transport_cert
> + tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len(
> + pki.CERT_FOOTER)]
> crypto.import_cert(transport_nick, base64.decodestring(tcert), "u,u,u")
>
> # initialize the certdb for crypto operations
> @@ -117,18 +123,20 @@ def main():
> client_key_id = "Vek #1" + time.strftime('%c')
> algorithm = "AES"
> key_size = 128
> - usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE, key.SymKeyGenerationRequest.ENCRYPT_USAGE]
> + usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE,
> + key.SymKeyGenerationRequest.ENCRYPT_USAGE]
> response = keyclient.generate_symmetric_key(client_key_id,
> algorithm=algorithm,
> size=key_size,
> usages=usages)
> - print_key_request(response.requestInfo)
> - print "Request ID is " + response.requestInfo.get_request_id()
> + print_key_request(response.request_info)
> + print "Request ID is " + response.request_info.get_request_id()
> key_id = response.get_key_id()
>
> # Test 5: Confirm the key_id matches
> print "Now getting key ID for clientKeyID=\"" + client_key_id + "\""
> - key_infos = keyclient.list_keys(client_key_id=client_key_id, status=keyclient.KEY_STATUS_ACTIVE)
> + key_infos = keyclient.list_keys(client_key_id=client_key_id,
> + status=keyclient.KEY_STATUS_ACTIVE)
> key_id2 = None
> for key_info in key_infos.key_infos:
> print_key_info(key_info)
> @@ -138,11 +146,14 @@ def main():
> else:
> print "Failure - key_ids for generation do not match!"
>
> - # Test 6: Barbican_decode() - Retrieve while providing trans_wrapped_session_key
> + # Test 6: Barbican_decode() - Retrieve while providing
> + # trans_wrapped_session_key
> session_key = crypto.generate_session_key()
> - wrapped_session_key = crypto.asymmetric_wrap(session_key, keyclient.transport_cert)
> + wrapped_session_key = crypto.asymmetric_wrap(session_key,
> + keyclient.transport_cert)
> print "My key id is " + str(key_id)
> - key_data = keyclient.retrieve_key(key_id, trans_wrapped_session_key=wrapped_session_key)
> + key_data = keyclient.retrieve_key(
> + key_id, trans_wrapped_session_key=wrapped_session_key)
> print_key_data(key_data)
> unwrapped_key = crypto.symmetric_unwrap(key_data.encrypted_data,
> session_key,
> @@ -170,21 +181,24 @@ def main():
> size=key_size,
> usages=usages)
> except pki.BadRequestException as exc:
> - print "BadRequestException thrown - Code:" + exc.code + " Message: " + exc.message
> + print "BadRequestException thrown - Code:" + exc.code +\
> + " Message: " + exc.message
>
> # Test 11 - Test RequestNotFoundException on get_request_info
> print "Try to list a nonexistent request"
> try:
> keyclient.get_request_info('200000034')
> except pki.RequestNotFoundException as exc:
> - print "RequestNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message
> + print "RequestNotFoundException thrown - Code:" + exc.code +\
> + " Message: " + exc.message
>
> # Test 12 - Test exception on retrieve_key.
> print "Try to retrieve an invalid key"
> try:
> keyclient.retrieve_key('2000003434')
> except pki.KeyNotFoundException as exc:
> - print "KeyNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message
> + print "KeyNotFoundException thrown - Code:" + exc.code + \
> + " Message: " + exc.message
>
> #Test 13 = getKeyInfo
> print "Get key info for existing key"
> @@ -206,7 +220,8 @@ def main():
> try:
> keyclient.get_key_info('200004556')
> except pki.KeyNotFoundException as exc:
> - print "KeyNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message
> + print "KeyNotFoundException thrown - Code:" + exc.code +\
> + " Message: " + exc.message
>
> # Test 17: Get key info for non-existent active key
> print "Get non-existent active key"
> @@ -214,7 +229,8 @@ def main():
> key_info = keyclient.get_active_key_info(client_key_id)
> print_key_info(key_info)
> except pki.ResourceNotFoundException as exc:
> - print "ResourceNotFoundException thrown - Code: " + exc.code + "Message: " + exc.message
> + print "ResourceNotFoundException thrown - Code: " + exc.code +\
> + "Message: " + exc.message
>
> #Test 18: Generate a symmetric key with default parameters
> client_key_id = "Vek #3" + time.strftime('%c')
> @@ -226,7 +242,8 @@ def main():
> print "key to archive: " + key1
> client_key_id = "Vek #4" + time.strftime('%c')
>
> - response = keyclient.archive_key(client_key_id, keyclient.SYMMETRIC_KEY_TYPE,
> + response = keyclient.archive_key(client_key_id,
> + keyclient.SYMMETRIC_KEY_TYPE,
> base64.decodestring(key1),
> key_algorithm=keyclient.AES_ALGORITHM,
> key_size=128)
> --
> 1.8.5.3
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list