Commit 5609588d authored by zhifan huang's avatar zhifan huang

conf upgrade to 3

parent a46f4b11
......@@ -6,7 +6,9 @@ if 're6st' not in sys.modules:
sys.path[0] = os.path.dirname(os.path.dirname(sys.path[0]))
from re6st import registry, utils, x509
def create(path, text=None, mode=0666):
def create(path, text=None, mode=0o666):
if isinstance(text, str):
text = text.encode()
fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, mode)
try:
os.write(fd, text)
......@@ -64,12 +66,13 @@ def main():
fingerprint = binascii.a2b_hex(fingerprint)
if hashlib.new(alg).digest_size != len(fingerprint):
raise ValueError("wrong size")
except StandardError, e:
# StandardError is removed
except StandardError as e:
parser.error("invalid fingerprint: %s" % e)
if x509.fingerprint(ca, alg).digest() != fingerprint:
sys.exit("CA fingerprint doesn't match")
else:
print "WARNING: it is strongly recommended to use --fingerprint option."
print("WARNING: it is strongly recommended to use --fingerprint option.")
network = x509.networkFromCa(ca)
if config.is_needed:
route, err = subprocess.Popen(('ip', '-6', '-o', 'route', 'get',
......@@ -87,20 +90,23 @@ def main():
try:
with open(cert_path) as f:
cert = loadCert(f.read())
# TODO the result of get_compoonents is bytes, need to convert to string
components = dict(cert.get_subject().get_components())
for k in reserved:
components.pop(k, None)
except IOError, e:
except IOError as e:
if e.errno != errno.ENOENT:
raise
components = {}
if config.req:
components.update(config.req)
subj = req.get_subject()
for k, v in components.iteritems():
for k, v in components.items():
if k in reserved:
sys.exit(k + " field is reserved.")
if v:
if isinstance(k, bytes):
k = k.decode()
setattr(subj, k, v)
cert_fd = token_advice = None
......@@ -112,26 +118,26 @@ def main():
token = ''
elif not token:
if not config.email:
config.email = raw_input('Please enter your email address: ')
config.email = input('Please enter your email address: ')
s.requestToken(config.email)
token_advice = "Use --token to retry without asking a new token\n"
while not token:
token = raw_input('Please enter your token: ')
token = input('Please enter your token: ')
try:
with open(key_path) as f:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
key = None
print "Reusing existing key."
except IOError, e:
print("Reusing existing key.")
except FileNotFoundError as e:
if e.errno != errno.ENOENT:
raise
bits = ca.get_pubkey().bits()
print "Generating %s-bit key ..." % bits
print("Generating %s-bit key ..." % bits)
pkey = crypto.PKey()
pkey.generate_key(crypto.TYPE_RSA, bits)
key = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
create(key_path, key, 0600)
create(key_path, key, 0o600)
req.set_pubkey(pkey)
req.sign(pkey, 'sha512')
......@@ -139,8 +145,8 @@ def main():
# First make sure we can open certificate file for writing,
# to avoid using our token for nothing.
cert_fd = os.open(cert_path, os.O_CREAT | os.O_WRONLY, 0666)
print "Requesting certificate ..."
cert_fd = os.open(cert_path, os.O_CREAT | os.O_WRONLY, 0o666)
print("Requesting certificate ...")
cert = s.requestCertificate(token, req)
if not cert:
token_advice = None
......@@ -179,12 +185,12 @@ key %s
#O--verb
#O3
""" % (config.registry, ca_path, cert_path, key_path))
print "Sample configuration file created."
print("Sample configuration file created.")
cn = x509.subnetFromCert(cert)
subnet = network + utils.binFromSubnet(cn)
print "Your subnet: %s/%u (CN=%s)" \
% (utils.ipFromBin(subnet), len(subnet), cn)
print("Your subnet: %s/%u (CN=%s)" \
% (utils.ipFromBin(subnet), len(subnet), cn))
if __name__ == "__main__":
main()
......@@ -6,8 +6,8 @@ import os
import sys
import unittest
from shutil import rmtree
from StringIO import StringIO
from mock import patch
from io import StringIO
from unittest.mock import patch
from re6st.cli import conf
from re6st.tests.tools import generate_cert, serial2prefix
......@@ -39,8 +39,8 @@ class TestConf(unittest.TestCase):
with open("registry.key") as f:
cls.pkey = f.read()
cls.command = "re6st-conf --registry http://localhost/" \
" --dir %s" % cls.work_dir
cls.command = ("re6st-conf --registry http://localhost/"
" --dir %s" % cls.work_dir)
cls.serial = 0
......@@ -71,17 +71,18 @@ class TestConf(unittest.TestCase):
# go back to original dir
os.chdir(self.origin_dir)
@patch("__builtin__.raw_input")
def test_basic(self, mock_raw_input):
@patch("builtins.input")
def test_basic(self, mock_input):
""" go through all the step
getCa, requestToken, requestCertificate
"""
mail = "example@email.com"
token = "a_token"
mock_raw_input.side_effect = [mail, token]
command = self.command \
+ " --fingerprint sha1:a1861330f1299b98b529fa52c3d8e5d1a94dc63a" \
+ " --req L lille"
mock_input.side_effect = [mail, token]
command = self.command
command += (" --fingerprint sha1:a1861330f1299b98b529fa52c3d8e5d1a94dc63a"
" --req L lille")
sys.argv = command.split()
conf.main()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment