/usr/lib/python2.7/dist-packages/pki/client.py is in pki-base 10.6.0-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 | # Authors:
# Endi S. Dewata <edewata@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the Lesser GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Copyright (C) 2013 Red Hat, Inc.
# All rights reserved.
#
from __future__ import absolute_import
from __future__ import print_function
import functools
import warnings
import requests
try:
from requests.packages.urllib3.exceptions import InsecureRequestWarning
except ImportError:
from urllib3.exceptions import InsecureRequestWarning
def catch_insecure_warning(func):
"""Temporary silence InsecureRequestWarning
PKIConnection is not able to verify HTTPS connections yet. This decorator
catches the warning.
:see: https://fedorahosted.org/pki/ticket/1253
"""
@functools.wraps(func)
def wrapper(self, *args, **kwargs):
with warnings.catch_warnings():
warnings.simplefilter('ignore', InsecureRequestWarning)
return func(self, *args, **kwargs)
return wrapper
class PKIConnection:
"""
Class to encapsulate the connection between the client and a Dogtag
subsystem.
"""
def __init__(self, protocol='http', hostname='localhost', port='8080',
subsystem='ca', accept='application/json',
trust_env=None):
"""
Set the parameters for a python-requests based connection to a
Dogtag subsystem.
:param protocol: http or https
:type protocol: str
:param hostname: hostname of server
:type hostname: str
:param port: port of server
:type port: str
:param subsystem: ca, kra, ocsp, tks or tps
:type subsystem: str
:param accept: value of accept header. Supported values are usually
'application/json' or 'application/xml'
:type accept: str
:param trust_env: use environment variables for http proxy and other
requests settings (default: yes)
:type trust_env: bool, None
:return: PKIConnection object.
"""
self.protocol = protocol
self.hostname = hostname
self.port = port
self.subsystem = subsystem
self.rootURI = self.protocol + '://' + self.hostname + ':' + self.port
self.serverURI = self.rootURI + '/' + self.subsystem
self.session = requests.Session()
self.session.trust_env = trust_env
if accept:
self.session.headers.update({'Accept': accept})
def authenticate(self, username=None, password=None):
"""
Set the parameters used for authentication if username/password is to
be used. Both username and password must not be None.
Note that this method only sets the parameters. Actual authentication
occurs when the connection is attempted,
:param username: username to authenticate connection
:param password: password to authenticate connection
:return: None
"""
if username is not None and password is not None:
self.session.auth = (username, password)
def set_authentication_cert(self, pem_cert_path, pem_key_path=None):
"""
Set the path to the PEM file containing the certificate and private key
for the client certificate to be used for authentication to the server,
when client certificate authentication is required. The private key may
optionally be stored in a different path.
:param pem_cert_path: path to the PEM file
:type pem_cert_path: str
:param pem_key_path: path to the PEM-formatted private key file
:type pem_key_path: str
:return: None
:raises: Exception if path is empty or None.
"""
if pem_cert_path is None:
raise Exception("No path for the certificate specified.")
if len(str(pem_cert_path)) == 0:
raise Exception("No path for the certificate specified.")
if pem_key_path is not None:
self.session.cert = (pem_cert_path, pem_key_path)
else:
self.session.cert = pem_cert_path
@catch_insecure_warning
def get(self, path, headers=None, params=None, payload=None,
use_root_uri=False, timeout=None):
"""
Uses python-requests to issue a GET request to the server.
:param path: path URI for the GET request
:type path: str
:param headers: headers for the GET request
:type headers: dict
:param params: Query parameters for the GET request
:type params: dict or bytes
:param payload: data to be sent in the body of the request
:type payload: dict, bytes, file-like object
:param use_root_uri: use root URI instead of subsystem URI as base
:type use_root_uri: boolean
:returns: request.response -- response from the server
:raises: Exception from python-requests in case the GET was not
successful, or returns an error code.
"""
if use_root_uri:
target_path = self.rootURI + path
else:
target_path = self.serverURI + path
r = self.session.get(
target_path,
verify=False,
headers=headers,
params=params,
data=payload,
timeout=timeout,
)
r.raise_for_status()
return r
@catch_insecure_warning
def post(self, path, payload, headers=None, params=None,
use_root_uri=False):
"""
Uses python-requests to issue a POST request to the server.
:param path: path URI for the POST request
:type path: str
:param payload: data to be sent in the body of the request
:type payload: dict, bytes, file-like object
:param headers: headers for the POST request
:type headers: dict
:param params: Query parameters for the POST request
:type params: dict or bytes
:param use_root_uri: use root URI instead of subsystem URI as base
:type use_root_uri: boolean
:returns: request.response -- response from the server
:raises: Exception from python-requests in case the POST was not
successful, or returns an error code.
"""
if use_root_uri:
target_path = self.rootURI + path
else:
target_path = self.serverURI + path
r = self.session.post(
target_path,
verify=False,
data=payload,
headers=headers,
params=params)
r.raise_for_status()
return r
@catch_insecure_warning
def put(self, path, payload, headers=None, use_root_uri=False):
"""
Uses python-requests to issue a PUT request to the server.
:param path: path URI for the PUT request
:type path: str
:param payload: data to be sent in the body of the request
:type payload: dict, bytes, file-like object
:param headers: headers for the PUT request
:type headers: dict
:param use_root_uri: use root URI instead of subsystem URI as base
:type use_root_uri: boolean
:returns: request.response -- response from the server
:raises: Exception from python-requests in case the PUT was not
successful, or returns an error code.
"""
if use_root_uri:
target_path = self.rootURI + path
else:
target_path = self.serverURI + path
r = self.session.put(target_path, payload, headers=headers)
r.raise_for_status()
return r
@catch_insecure_warning
def delete(self, path, headers=None, use_root_uri=False):
"""
Uses python-requests to issue a DEL request to the server.
:param path: path URI for the DEL request
:type path: str
:param headers: headers for the DEL request
:type headers: dict
:param use_root_uri: use root URI instead of subsystem URI as base
:type use_root_uri: boolean
:returns: request.response -- response from the server
:raises: Exception from python-requests in case the DEL was not
successful, or returns an error code.
"""
if use_root_uri:
target_path = self.rootURI + path
else:
target_path = self.serverURI + path
r = self.session.delete(target_path, headers=headers)
r.raise_for_status()
return r
def main():
"""
Test code for the PKIConnection class.
:return: None
"""
conn = PKIConnection()
headers = {'Content-type': 'application/json',
'Accept': 'application/json'}
conn.set_authentication_cert('/root/temp4.pem')
print(conn.get("", headers).json())
if __name__ == "__main__":
main()
|