client: Name API after protocol documentation.

caucase/cli.py

@@ -65,14 +65,14 @@ class CLICaucaseClient(object):
       csr_pem = utils.getCertRequest(csr_path)
       # Quick sanity check
       utils.load_certificate_request(csr_pem)
-      print self._client.putCSR(csr_pem), csr_path
+      print self._client.createCertificateSigningRequest(csr_pem), csr_path
 
   def getCSR(self, csr_id_path_list):
     """
     --get-csr
     """
     for csr_id, csr_path in csr_id_path_list:
-      csr_pem = self._client.getCSR(int(csr_id))
+      csr_pem = self._client.getCertificateSigningRequest(int(csr_id))
       with open(csr_path, 'a') as csr_file:
         csr_file.write(csr_pem)
 
@@ -83,12 +83,12 @@ class CLICaucaseClient(object):
     for crt_id, crt_path in crt_id_path_list:
       crt_id = int(crt_id)
       try:
-        crt_pem = self._client.getCRT(crt_id)
+        crt_pem = self._client.getCertificate(crt_id)
       except CaucaseError, e:
         if e.args[0] != httplib.NOT_FOUND:
           raise
         try:
-          self._client.getCSR(crt_id)
+          self._client.getCertificateSigningRequest(crt_id)
         except CaucaseError, e:
           if e.args[0] != httplib.NOT_FOUND:
             raise
@@ -145,7 +145,7 @@ class CLICaucaseClient(object):
         )
         error = True
         continue
-      self._client.revokeCRT(crt, key)
+      self._client.revokeCertificate(crt, key)
     return error
 
   def renewCRT(
@@ -184,7 +184,7 @@ class CLICaucaseClient(object):
       if renewal_deadline < old_crt.not_valid_after:
         print crt_path, 'did not reach renew threshold, not renewing'
         continue
-      new_key_pem, new_crt_pem = self._client.renewCRT(
+      new_key_pem, new_crt_pem = self._client.renewCertificate(
         old_crt=old_crt,
         old_key=utils.load_privatekey(old_key_pem),
         key_len=key_len,
@@ -209,7 +209,7 @@ class CLICaucaseClient(object):
       'csr_id',
       'subject preview (fetch csr and check full content !)',
     )
-    for entry in self._client.getCSRList():
+    for entry in self._client.getPendingCertificateRequestList():
       csr = utils.load_certificate_request(entry['csr'])
       print '%20i | %r' % (
         entry['id'],
@@ -222,14 +222,14 @@ class CLICaucaseClient(object):
     --sign-csr
     """
     for csr_id in csr_id_list:
-      self._client.signCSR(int(csr_id))
+      self._client.createCertificate(int(csr_id))
 
   def signCSRWith(self, csr_id_path_list):
     """
     --sign-csr-with
     """
     for csr_id, csr_path in csr_id_path_list:
-      self._client.signCSR(
+      self._client.createCertificate(
         int(csr_id),
         template_csr=utils.getCertRequest(csr_path),
       )
@@ -239,7 +239,7 @@ class CLICaucaseClient(object):
     --reject-csr
     """
     for csr_id in csr_id_list:
-      self._client.deleteCSR(int(csr_id))
+      self._client.deletePendingCertificateRequest(int(csr_id))
 
   def revokeOtherCRT(self, crt_list):
     """
@@ -263,7 +263,7 @@ class CLICaucaseClient(object):
             crt_path,
           )
         )
-      self._client.revokeCRT(crt_pem)
+      self._client.revokeCertificate(crt_pem)
     return error
 
   def revokeSerial(self, serial_list):
@@ -573,14 +573,14 @@ def probe(argv=None):
   http_client = CaucaseClient(
     ca_url=cas_url,
   )
-  http_ca_pem = http_client.getCA()
+  http_ca_pem = http_client.getCACertificate()
   https_ca_pem = HTTPSOnlyCaucaseClient(
     ca_url=cas_url,
     ca_crt_pem_list=[http_ca_pem],
-  ).getCA()
+  ).getCACertificate()
   # Retrieve again in case there was a renewal between both calls - we do
   # not expect 2 renewals in very short succession.
-  http2_ca_pem = http_client.getCA()
+  http2_ca_pem = http_client.getCACertificate()
   if https_ca_pem not in (http_ca_pem, http2_ca_pem):
     raise ValueError('http and https do not serve the same caucase database')
 
@@ -700,18 +700,18 @@ def updater(argv=None):
       csr_pem = utils.getCertRequest(args.csr)
       # Quick sanity check before bothering server
       utils.load_certificate_request(csr_pem)
-      csr_id = client.putCSR(csr_pem)
+      csr_id = client.createCertificateSigningRequest(csr_pem)
       print 'Waiting for signature of', csr_id
       while True:
         try:
-          crt_pem = client.getCRT(csr_id)
+          crt_pem = client.getCertificate(csr_id)
         except CaucaseError, e:
           if e.args[0] != httplib.NOT_FOUND:
             raise
           # If server does not know our CSR anymore, getCSR will raise.
           # If it does, we were likely rejected, so exit by letting exception
           # through.
-          client.getCSR(csr_id)
+          client.getCertificateSigningRequest(csr_id)
           # Still here ? Ok, wait a bit and try again.
           utils.interruptibleSleep(60)
         else:
@@ -746,7 +746,7 @@ def updater(argv=None):
       next_deadline = crt.not_valid_after - threshold
       if next_deadline <= now:
         print 'Renewing', args.crt
-        new_key_pem, new_crt_pem = client.renewCRT(
+        new_key_pem, new_crt_pem = client.renewCertificate(
           old_crt=crt,
           old_key=utils.load_privatekey(key_pem),
           key_len=args.key_len,

caucase/client.py

@@ -61,7 +61,7 @@ def updateCAFile(url, ca_crt_path):
   if not os.path.exists(ca_crt_path):
     ca_pem = CaucaseClient(
       ca_url=url,
-    ).getCA()
+    ).getCACertificate()
     with open(ca_crt_path, 'w') as ca_crt_file:
       ca_crt_file.write(ca_pem)
     updated = True
@@ -78,7 +78,7 @@ def updateCAFile(url, ca_crt_path):
     CaucaseClient(
       ca_url=url,
       ca_crt_pem_list=ca_pem_list,
-    ).getNewCAList(),
+    ).getCACertificateChain(),
   )
   if ca_pem_list != loaded_ca_pem_list:
     data = ''.join(ca_pem_list)
@@ -107,7 +107,7 @@ def updateCRLFile(url, crl_path, ca_list):
     my_crl = None
   latest_crl_pem = CaucaseClient(
     ca_url=url,
-  ).getCRL()
+  ).getCertificateRevocationList()
   latest_crl = utils.load_crl(latest_crl_pem, ca_list)
   if latest_crl != my_crl:
     with open(crl_path, 'w') as crl_file:
@@ -166,19 +166,19 @@ class CaucaseClient(object):
   def _https(self, method, url, body=None, headers=None):
     return self._request(self._https_connection, method, url, body, headers)
 
-  def getCRL(self):
+  def getCertificateRevocationList(self):
     """
     [ANONYMOUS] Retrieve latest CRL.
     """
     return self._http('GET', '/crl')
 
-  def getCSR(self, csr_id):
+  def getCertificateSigningRequest(self, csr_id):
     """
     [ANONYMOUS] Retrieve an CSR by its identifier.
     """
     return self._http('GET', '/csr/%i' % (csr_id, ))
 
-  def getCSRList(self):
+  def getPendingCertificateRequestList(self):
     """
     [AUTHENTICATED] Retrieve all pending CSRs.
     """
@@ -190,7 +190,7 @@ class CaucaseClient(object):
       for x in json.loads(self._https('GET', '/csr'))
     ]
 
-  def putCSR(self, csr):
+  def createCertificateSigningRequest(self, csr):
     """
     [ANONYMOUS] Store a CSR and return its identifier.
     """
@@ -198,29 +198,29 @@ class CaucaseClient(object):
       'Content-Type': 'application/pkcs10',
     }))
 
-  def deleteCSR(self, csr_id):
+  def deletePendingCertificateRequest(self, csr_id):
     """
     [AUTHENTICATED] Reject a pending CSR.
     """
     self._https('DELETE', '/csr/%i' % (csr_id, ))
 
-  def _getCRT(self, crt_id):
+  def _getCertificate(self, crt_id):
     return self._http('GET', '/crt' + crt_id)
 
-  def getCRT(self, csr_id):
+  def getCertificate(self, csr_id):
     """
     [ANONYMOUS] Retrieve CRT by its identifier (same as corresponding CRL
     identifier).
     """
-    return self._getCRT('/%i' % (csr_id, ))
+    return self._getCertificate('/%i' % (csr_id, ))
 
-  def getCA(self):
+  def getCACertificate(self):
     """
     [ANONYMOUS] Retrieve current CA certificate.
     """
-    return self._getCRT('/ca.crt.pem')
+    return self._getCertificate('/ca.crt.pem')
 
-  def getNewCAList(self):
+  def getCACertificateChain(self):
     """
     [ANONYMOUS] Retrieve CA certificate chain, with CA certificate N+1 signed
     by CA certificate N, allowing automated CA cert rollout.
@@ -234,7 +234,7 @@ class CaucaseClient(object):
       key=lambda x: x.not_valid_before,
     )[-1]
     result = []
-    for entry in json.loads(self._getCRT('/ca.crt.json')):
+    for entry in json.loads(self._getCertificate('/ca.crt.json')):
       try:
         payload = utils.unwrap(
           entry,
@@ -257,7 +257,7 @@ class CaucaseClient(object):
         previous_ca = utils.load_ca_certificate(new_pem)
     return result
 
-  def renewCRT(self, old_crt, old_key, key_len):
+  def renewCertificate(self, old_crt, old_key, key_len):
     """
     [ANONYMOUS] Request certificate renewal.
     """
@@ -292,7 +292,7 @@ class CaucaseClient(object):
       ),
     )
 
-  def revokeCRT(self, crt, key=None):
+  def revokeCertificate(self, crt, key=None):
     """
     Revoke certificate.
     [ANONYMOUS] if key is provided.
@@ -334,7 +334,7 @@ class CaucaseClient(object):
       {'Content-Type': 'application/json'},
     )
 
-  def signCSR(self, csr_id, template_csr=''):
+  def createCertificate(self, csr_id, template_csr=''):
     """
     [AUTHENTICATED] Sign certificate signing request.
     """

caucase/test.py

@@ -722,7 +722,7 @@ class CaucaseTest(unittest.TestCase):
     """
     client = CaucaseClient(self._caucase_url + '/cas')
     try:
-      client.putCSR('Not actually a CSR')
+      client.createCertificateSigningRequest('Not actually a CSR')
     except CaucaseError, e:
       self.assertEqual(e.args[0], 400, e)
     else: