def test_clear(self):
    """Applying an update with no client cert removes the repo's cert directory."""
    repoid = 'repo1'
    # Seed the directory with a stored client cert so there is something to clear.
    self.test_repo_first_time(repoid)

    cert_files = CertFiles(TEST_CERT_ROOT_DIR, repoid)
    cert_files.update(None)
    cert_files.apply()

    # The per-repo directory itself is expected to be gone, not merely emptied.
    repo_cert_dir = os.path.join(TEST_CERT_ROOT_DIR, repoid)
    self.assertFalse(os.path.exists(repo_cert_dir))
def test_clear_both(self):
    """Clearing both the CA and the client cert removes the repo's cert directory."""
    # setup: start from a repo that already has cert files stored
    repoid = 'repo1'
    self.test_repo_first_time(repoid)

    cert_files = CertFiles(TEST_CERT_ROOT_DIR, repoid)
    cert_files.update(None, None)
    # apply() is unpacked as a (CA path, client path) pair; neither is checked here.
    capath, clientpath = cert_files.apply()

    # verify: nothing is left behind for this repo
    repo_cert_dir = os.path.join(TEST_CERT_ROOT_DIR, repoid)
    self.assertFalse(os.path.exists(repo_cert_dir))
def _handle_client_cert(repo, rootdir, clientcert):
    """
    Store the x.509 client certificate given for the repo and record its
    location on the repo.

    The certificate is passed to CertFiles for (rootdir, repo.id) and applied,
    which writes the cert file to disk and deletes any files that were there
    before. When a client certificate was supplied, the repo's sslclientcert
    setting is set to the stored file's path.
    """
    cert_files = CertFiles(rootdir, repo.id)
    cert_files.update(clientcert)
    stored_path = cert_files.apply()

    if not clientcert:
        # NOTE(review): repo is not touched in this case. If repo can already
        # carry an 'sslclientcert' value, it would keep pointing at a file
        # that apply() may just have removed -- confirm against the caller.
        return

    repo['sslclientcert'] = stored_path
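def test_repo_first_time(self, repoid='repo1'):
    """
    Store a client cert for a repo and verify the file that was written.

    Other tests call this as a setup step and pass the repo id explicitly, so
    the repoid argument is honoured instead of being overwritten with a
    fixed value.

    @param repoid: repo whose cert directory is created under TEST_CERT_ROOT_DIR
    @type  repoid: string
    """
    client = 'MY-CLIENT-KEY_AND_CERT'
    cf = CertFiles(TEST_CERT_ROOT_DIR, repoid)
    cf.update(client)
    clientpath = cf.apply()

    # The cert lands in a per-repo directory under the configured root.
    rootdir = os.path.join(TEST_CERT_ROOT_DIR, repoid)
    self.assertTrue(os.path.exists(rootdir))
    self.assertEqual(clientpath, os.path.join(rootdir, CertFiles.CLIENT))

    # Context manager closes the handle even if the read raises.
    with open(clientpath) as f:
        pem = f.read()
    self.assertEqual(pem, client)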
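def test_clear_client(self):
    """
    Replacing the CA cert while clearing the client cert leaves only the CA
    file in the repo's cert directory.
    """
    # setup: start from a repo that already has cert files stored
    repoid = 'repo1'
    self.test_repo_first_time(repoid)
    ca = 'MY-NEW-CA-CERT'
    client = None
    cf = CertFiles(TEST_CERT_ROOT_DIR, repoid)
    cf.update(ca, client)
    # The client path is not checked by this test.
    capath, _ = cf.apply()

    # verify
    rootdir = os.path.join(TEST_CERT_ROOT_DIR, repoid)
    self.assertTrue(os.path.exists(rootdir))
    self.assertEqual(capath, os.path.join(rootdir, CertFiles.CA))
    # Exactly one entry remains, so the client cert written during setup has
    # been removed from disk rather than left behind.
    self.assertEqual(len(os.listdir(rootdir)), 1)

    # Context manager closes the handle even if the read raises.
    with open(capath) as f:
        pem = f.read()
    self.assertEqual(pem, ca)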
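def test_repo_first_time(self, repoid='repo1'):
    """
    Store a CA cert and a client cert for a repo and verify both files.

    Other tests call this as a setup step and pass the repo id explicitly, so
    the repoid argument is honoured instead of being overwritten with a
    fixed value.

    @param repoid: repo whose cert directory is created under TEST_CERT_ROOT_DIR
    @type  repoid: string
    """
    # setup
    ca = 'MY-CA-CERT'
    client = 'MY-CLIENT-KEY_AND_CERT'
    cf = CertFiles(TEST_CERT_ROOT_DIR, repoid)
    cf.update(ca, client)
    capath, clientpath = cf.apply()

    # verify: both files live in the per-repo directory under the root
    rootdir = os.path.join(TEST_CERT_ROOT_DIR, repoid)
    self.assertTrue(os.path.exists(rootdir))
    self.assertEqual(capath, os.path.join(rootdir, CertFiles.CA))
    self.assertEqual(clientpath, os.path.join(rootdir, CertFiles.CLIENT))

    for path, content in ((capath, ca), (clientpath, client)):
        # Context manager closes the handle even if the read raises.
        with open(path) as f:
            pem = f.read()
        self.assertEqual(pem, content)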
def _handle_certs(repo, rootdir, cacert, clientcert):
    """
    Store the x.509 certificates given for the repo and record the related
    settings on the repo.

    Both certificates are passed to CertFiles for (rootdir, repo.id) and
    applied, which writes the cert files to disk and deletes any files that
    were there before. The repo then receives:

      - sslcacert and sslverify = "1" when a CA certificate was supplied
      - sslverify = "0" when no CA certificate was supplied
      - sslclientcert when a client certificate was supplied
    """
    cert_files = CertFiles(rootdir, repo.id)
    cert_files.update(cacert, clientcert)
    ca_path, client_path = cert_files.apply()

    # CA certificate
    if not cacert:
        # NOTE(review): a missing CA cert turns verification off outright.
        # Presumably this is the yum-style sslverify option, in which case the
        # repo server's certificate is no longer checked at all -- confirm this
        # downgrade is intended rather than falling back to the system trust
        # store.
        repo["sslverify"] = "0"
    else:
        repo["sslcacert"] = ca_path
        repo["sslverify"] = "1"

    # client certificate
    if clientcert:
        repo["sslclientcert"] = client_path
def unbind(repo_filename, mirror_list_filename, keys_root_dir, cert_root_dir, repo_id, lock=None):
    """
    Removes the repo identified by repo_id from the given repo file. If the repo is
    not bound, this call has no effect. If the mirror list file exists, it will be
    deleted.

    The default lock is defined at the module level and is used to ensure that
    concurrent access to the given files is prevented. Specific locks can be passed
    in for testing purposes to circumvent the default location of the lock, which
    requires root access.

    Note that when the repo file does not exist the call returns straight away:
    the mirror list, keys and certs are not cleaned up in that case.

    @param repo_filename: full path to the location of the repo file in which
                          the repo will be removed; if this file does not exist
                          this call has no effect
    @type  repo_filename: string

    @param mirror_list_filename: full path to the location of the mirror list file
                                 that may exist for the given repo; if the file does
                                 not exist this field will be ignored
    @type  mirror_list_filename: string

    @param keys_root_dir: absolute path to the root directory in which the keys for
                          all repos will be stored
    @type  keys_root_dir: string

    @param cert_root_dir: absolute path to the root directory in which the certs for
                          all repos will be stored
    @type  cert_root_dir: string

    @param repo_id: identifies the repo in the repo file to delete
    @type  repo_id: string

    @param lock: if the default lock is unacceptable, it may be overridden in this variable
    @type  lock: L{Lock}
    """
    # Fall back to the module-level lock file when the caller supplies no lock.
    lock = lock or Lock(LOCK_FILE)

    lock.acquire()
    try:
        log.info('Unbinding repo [%s]' % repo_id)

        if os.path.exists(repo_filename):
            # Repo file changes
            bound_repos = RepoFile(repo_filename)
            bound_repos.load()
            bound_repos.remove_repo_by_name(repo_id)  # will not throw an error if repo doesn't exist
            bound_repos.save()

            # Mirror list removal
            if os.path.exists(mirror_list_filename):
                os.remove(mirror_list_filename)

            # NOTE(review): repo_id is handed to the key and cert helpers
            # together with a root directory, so it presumably becomes a path
            # component under that root -- confirm it is validated (no path
            # separators or '..') before it reaches this function.

            # Keys removal: no keys are set before the filesystem update
            key_files = RepoKeyFiles(keys_root_dir, repo_id)
            key_files.update_filesystem()

            # cert removal: apply() is called without a preceding update()
            cert_files = CertFiles(cert_root_dir, repo_id)
            cert_files.apply()
    finally:
        # Always give the lock back, including on the early-exit path.
        lock.release()