def store_cert(self, domain, transport_cert):
"""Store a new cert or override existing cert
:param domain: IPA domain
:param transport_cert: cryptography.x509.Certificate
:return: True if cert was stored successfully
"""
filename = self._get_filename(domain)
pem = transport_cert.public_bytes(serialization.Encoding.PEM)
try:
try:
os.makedirs(self._dirname)
except EnvironmentError as e:
if e.errno != errno.EEXIST:
raise
with tempfile.NamedTemporaryFile(dir=self._dirname, delete=False,
mode='wb') as f:
try:
f.write(pem)
ipautil.flush_sync(f)
f.close()
os.rename(f.name, filename)
except Exception:
os.unlink(f.name)
raise
except Exception:
logger.warning("Failed to save %s", filename, exc_info=True)
return False
else:
return True
def store_cert(self, domain, transport_cert):
"""Store a new cert or override existing cert
:param domain: IPA domain
:param transport_cert: cryptography.x509.Certificate
:return: True if cert was stored successfully
"""
filename = self._get_filename(domain)
pem = transport_cert.public_bytes(serialization.Encoding.PEM)
try:
try:
os.makedirs(self._dirname)
except EnvironmentError as e:
if e.errno != errno.EEXIST:
raise
with tempfile.NamedTemporaryFile(dir=self._dirname, delete=False,
mode='wb') as f:
try:
f.write(pem)
ipautil.flush_sync(f)
f.close()
os.rename(f.name, filename)
except Exception:
os.unlink(f.name)
raise
except Exception:
logger.warning("Failed to save %s", filename, exc_info=True)
return False
else:
return True
def store(self, domain, response):
"""Store config in cache
:param domain: IPA domain
:param config: ipa vaultconfig-show response
:return: True if config was stored successfully
"""
config = response['result'].copy()
# store certificate as PEM-encoded ASCII
config['transport_cert'] = ssl.DER_cert_to_PEM_cert(
config['transport_cert'])
filename = self._get_filename(domain)
try:
try:
os.makedirs(self._dirname)
except EnvironmentError as e:
if e.errno != errno.EEXIST:
raise
with tempfile.NamedTemporaryFile(dir=self._dirname,
delete=False,
mode='w') as f:
try:
json.dump(config, f)
ipautil.flush_sync(f)
f.close()
os.rename(f.name, filename)
except Exception:
os.unlink(f.name)
raise
except Exception:
logger.warning("Failed to save %s", filename, exc_info=True)
return False
else:
return True
def __config_file(self):
template_file = os.path.basename(self.config_file) + '.template'
template = os.path.join(paths.USR_SHARE_IPA_DIR, template_file)
sub_dict = dict(IPA_CUSTODIA_CONF_DIR=paths.IPA_CUSTODIA_CONF_DIR,
IPA_CUSTODIA_KEYS=paths.IPA_CUSTODIA_KEYS,
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
LDAP_URI=ipaldap.realm_to_ldapi_uri(self.realm),
UID=constants.HTTPD_USER.uid,
GID=constants.HTTPD_USER.pgid)
conf = ipautil.template_file(template, sub_dict)
with open(self.config_file, "w") as f:
f.write(conf)
ipautil.flush_sync(f)
def __config_file(self):
template_file = os.path.basename(self.config_file) + '.template'
template = os.path.join(paths.USR_SHARE_IPA_DIR, template_file)
httpd_info = pwd.getpwnam(constants.HTTPD_USER)
sub_dict = dict(
IPA_CUSTODIA_CONF_DIR=paths.IPA_CUSTODIA_CONF_DIR,
IPA_CUSTODIA_KEYS=paths.IPA_CUSTODIA_KEYS,
IPA_CUSTODIA_SOCKET=paths.IPA_CUSTODIA_SOCKET,
IPA_CUSTODIA_AUDIT_LOG=paths.IPA_CUSTODIA_AUDIT_LOG,
LDAP_URI=installutils.realm_to_ldapi_uri(self.realm),
UID=httpd_info.pw_uid,
GID=httpd_info.pw_gid
)
conf = ipautil.template_file(template, sub_dict)
with open(self.config_file, "w") as f:
f.write(conf)
ipautil.flush_sync(f)
def _write_schema(self, fingerprint):
try:
os.makedirs(self._DIR)
except EnvironmentError as e:
if e.errno != errno.EEXIST:
raise
with tempfile.NamedTemporaryFile('wb', prefix=fingerprint,
dir=self._DIR, delete=False) as f:
try:
self._write_schema_data(f)
ipautil.flush_sync(f)
f.close()
except Exception:
os.unlink(f.name)
raise
else:
os.rename(f.name, os.path.join(self._DIR, fingerprint))
def _write_schema(self, fingerprint):
try:
os.makedirs(self._DIR)
except EnvironmentError as e:
if e.errno != errno.EEXIST:
raise
with tempfile.NamedTemporaryFile('wb', prefix=fingerprint,
dir=self._DIR, delete=False) as f:
try:
self._write_schema_data(f)
ipautil.flush_sync(f)
f.close()
except Exception:
os.unlink(f.name)
raise
else:
os.rename(f.name, os.path.join(self._DIR, fingerprint))
def test_flush_sync():
with tempfile.NamedTemporaryFile('wb+') as f:
f.write(b'data')
ipautil.flush_sync(f)
def test_flush_sync():
with tempfile.NamedTemporaryFile('wb+') as f:
f.write(b'data')
ipautil.flush_sync(f)
