Commit 1a10a495 authored by Vincent Pelletier's avatar Vincent Pelletier

all: Word-wrap.

parent 411d5b66
......@@ -167,7 +167,10 @@ class CertificateAuthority(object):
])
if ca_life_period < 3:
raise ValueError("ca_life_period must be >= 3 to allow CA rollout")
self._crl_life_time = datetime.timedelta(crt_life_time * crl_renew_period, 0)
self._crl_life_time = datetime.timedelta(
crt_life_time * crl_renew_period,
0,
)
self._ca_life_time = datetime.timedelta(crt_life_time * ca_life_period, 0)
self._loadCAKeyPairList()
self._renewCAIfNeeded()
......@@ -182,7 +185,10 @@ class CertificateAuthority(object):
def _loadCAKeyPairList(self):
ca_key_pair_list = []
for pem_key_pair in self._storage.getCAKeyPairList():
utils.validateCertAndKey(pem_key_pair['crt_pem'], pem_key_pair['key_pem'])
utils.validateCertAndKey(
pem_key_pair['crt_pem'],
pem_key_pair['key_pem'],
)
ca_key_pair_list.append({
'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
'key': utils.load_privatekey(pem_key_pair['key_pem']),
......@@ -302,7 +308,9 @@ class CertificateAuthority(object):
),
Extension(
x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
ca_crt.extensions.get_extension_for_class(x509.SubjectKeyIdentifier),
ca_crt.extensions.get_extension_for_class(
x509.SubjectKeyIdentifier,
),
),
critical=False, # "MUST mark this extension as non-critical"
),
......@@ -349,7 +357,8 @@ class CertificateAuthority(object):
decipher_only =decipher_only,
# pylint: enable=bad-whitespace
),
critical=key_usage_extension.critical, # "SHOULD mark this extension critical"
# "SHOULD mark this extension critical"
critical=key_usage_extension.critical,
)
try:
extended_key_usage = template_csr.extensions.get_extension_for_class(
......@@ -403,7 +412,9 @@ class CertificateAuthority(object):
# "auto-signed" one...
policy_list = [
x for x in certificate_policies.value
if not x.policy_identifier.dotted_string.startswith(utils.CAUCASE_OID_TOP)
if not x.policy_identifier.dotted_string.startswith(
utils.CAUCASE_OID_TOP,
)
]
if auto_signed == _AUTO_SIGNED_YES:
# ...but do add auto-signed extension if we are auto-signing.
......@@ -438,7 +449,8 @@ class CertificateAuthority(object):
"""
if (
self._ca_key_size is not None and not self._ca_key_pairs_list or (
self._ca_key_pairs_list[-1]['crt'].not_valid_after - datetime.datetime.utcnow()
self._ca_key_pairs_list[-1]['crt'].not_valid_after -
datetime.datetime.utcnow()
).total_seconds() / self._crt_life_time.total_seconds() <= 2
) and self._ca_renewal_lock.acquire(False):
try:
......@@ -510,7 +522,8 @@ class CertificateAuthority(object):
),
Extension(
x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
# Dummy extension, from_issuer_subject_key_identifier accesses .data directly
# Dummy extension, from_issuer_subject_key_identifier accesses
# .data directly
Extension(
subject_key_identifier,
critical=False,
......@@ -520,8 +533,8 @@ class CertificateAuthority(object):
),
],
)
# Copy all extensions, except the ones which depend on the key (and which
# we just set).
# Copy all extensions, except the ones which depend on the key (and
# which we just set).
skipped_extension_oid_set = (
x509.SubjectKeyIdentifier.oid,
x509.AuthorityKeyIdentifier.oid,
......@@ -567,8 +580,8 @@ class CertificateAuthority(object):
# using it.
break
else:
# No CA cert is valid for more than one certificate life time, so just pick
# the newest one.
# No CA cert is valid for more than one certificate life time, so just
# pick the newest one.
key_pair = self._ca_key_pairs_list[-1]
return key_pair
......
......@@ -92,7 +92,7 @@ class CLICaucaseClient(object):
except CaucaseError, e:
if e.args[0] != httplib.NOT_FOUND:
raise
print crt_id, 'not found - either csr id has a typo or CSR was rejected'
print crt_id, 'not found - maybe CSR was rejected ?'
error = True
else:
print crt_id, 'CSR still pending'
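Review bot: The new message on the `print crt_id, 'not found - maybe CSR was rejected ?'` line drops the hint that the CSR id itself may be mistyped, which the old text named as the other likely cause, and the space before `?` reads oddly in English. Keeping both causes costs nothing, e.g. `print crt_id, 'not found - CSR was rejected, or the CSR id is wrong'`. The matching expectation in the test hunk (the `csr_id + ' not found - maybe CSR was rejected ?'` line) has to change in step. The enclosing function starts before this hunk.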
......@@ -175,7 +175,11 @@ class CLICaucaseClient(object):
error = True
continue
try:
old_crt = utils.load_certificate(old_crt_pem, ca_certificate_list, None)
old_crt = utils.load_certificate(
old_crt_pem,
ca_certificate_list,
None,
)
except exceptions.CertificateVerificationError:
print crt_path, (
'was not signed by this CA, revoked or otherwise invalid, skipping'
......@@ -278,7 +282,8 @@ def main(argv=None):
Command line caucase client entry point.
"""
parser = argparse.ArgumentParser(description='caucase')
# XXX: currently, it is the server which chooses which digest is used to sign stuff.
# XXX: currently, it is the server which chooses which digest is used to sign
# stuff.
# Should clients be able to tell it how to sign (and server could reject) ?
parser.add_argument(
'--ca-url',
......@@ -657,8 +662,9 @@ def updater(argv=None):
'--key',
metavar='KEY_PATH',
help='Path of your private key file. Must always exist when this command '
'is started. Will be updated on certificate renewal. If not provided, both '
'key and certificate will be stored in the file pointed at by --crt .',
'is started. Will be updated on certificate renewal. If not provided, '
'both key and certificate will be stored in the file pointed at by '
'--crt .',
)
parser.add_argument(
'--crt',
......@@ -756,7 +762,13 @@ def updater(argv=None):
crt_file.write(new_key_pem)
crt_file.write(new_crt_pem)
else:
with open(args.crt, 'w') as crt_file, open(key_path, 'w') as key_file:
with open(
args.crt,
'w',
) as crt_file, open(
key_path,
'w',
) as key_file:
key_file.write(new_key_pem)
crt_file.write(new_crt_pem)
updated = True
......@@ -812,7 +824,9 @@ def rerequest(argv=None):
'default: %(default)s',
)
args = parser.parse_args(argv)
template = utils.load_certificate_request(utils.getCertRequest(args.template))
template = utils.load_certificate_request(
utils.getCertRequest(args.template),
)
key = utils.generatePrivateKey(key_len=args.key_len)
csr_pem = utils.dump_certificate_request(
x509.CertificateSigningRequestBuilder(
......
......@@ -76,7 +76,9 @@ class ThreadingWSGIServer(ThreadingMixIn, WSGIServer):
def __init__(self, server_address, *args, **kw):
self.address_family, _, _, _, _ = socket.getaddrinfo(*server_address)[0]
assert self.address_family in (socket.AF_INET, socket.AF_INET6), self.address_family
assert self.address_family in (socket.AF_INET, socket.AF_INET6), (
self.address_family,
)
WSGIServer.__init__(self, server_address, *args, **kw)
class CaucaseWSGIRequestHandler(WSGIRequestHandler):
......@@ -94,7 +96,9 @@ class CaucaseWSGIRequestHandler(WSGIRequestHandler):
timezone (including DST considerations), time it always logged in GMT
"""
now = datetime.datetime.utcnow()
return now.strftime('%d/' + self.monthname[now.month] + '/%Y:%H:%M:%S +0000')
return now.strftime(
'%d/' + self.monthname[now.month] + '/%Y:%H:%M:%S +0000',
)
class CaucaseSSLWSGIRequestHandler(CaucaseWSGIRequestHandler):
"""
......
......@@ -227,7 +227,12 @@ class SQLite3Storage(local):
),
)
def appendCertificateSigningRequest(self, csr_pem, key_id, override_limits=False):
def appendCertificateSigningRequest(
self,
csr_pem,
key_id,
override_limits=False,
):
"""
Store acertificate signing request and generate a unique ID for it.
Note: ID uniqueness is only guaranteed among pending CSR, and may be reused
......
......@@ -109,7 +109,10 @@ class CaucaseTest(unittest.TestCase):
# pylint: enable=bad-whitespace
os.mkdir(self._server_backup_path)
self._server_netloc = netloc = os.getenv('CAUCASE_NETLOC', 'localhost:8000')
self._server_netloc = netloc = os.getenv(
'CAUCASE_NETLOC',
'localhost:8000',
)
self._caucase_url = 'http://' + netloc
parsed_url = urlparse.urlparse(self._caucase_url)
self.assertFalse(
......@@ -706,7 +709,7 @@ class CaucaseTest(unittest.TestCase):
).splitlines()
self.assertRaises(TypeError, utils.getCert, key_path)
self.assertEqual([
csr_id + ' not found - either csr id has a typo or CSR was rejected'
csr_id + ' not found - maybe CSR was rejected ?'
], out)
def testBadCSR(self):
......
......@@ -218,7 +218,9 @@ def _verifyCertificateChain(cert, trusted_cert_list, crl):
crypto.X509StoreContextError,
crypto.Error,
), e:
raise CertificateVerificationError('Certificate verification error: %s' % str(e))
raise CertificateVerificationError(
'Certificate verification error: %s' % str(e),
)
def wrap(payload, key, digest):
"""
......
......@@ -98,7 +98,8 @@ class InsufficientStorage(ApplicationError):
"""
No storage slot available (not necessarily out of disk space)
"""
# httplib lacks the textual description for 507, although it has the constant...
# httplib lacks the textual description for 507, although it has the
# constant...
status = '%i Insufficient Storage' % (httplib.INSUFFICIENT_STORAGE, )
STATUS_OK = _getStatus(httplib.OK)
......