all: Word-wrap.

caucase/ca.py

@@ -167,7 +167,10 @@ class CertificateAuthority(object):
     ])
     if ca_life_period < 3:
       raise ValueError("ca_life_period must be >= 3 to allow CA rollout")
-    self._crl_life_time = datetime.timedelta(crt_life_time * crl_renew_period, 0)
+    self._crl_life_time = datetime.timedelta(
+      crt_life_time * crl_renew_period,
+      0,
+    )
     self._ca_life_time = datetime.timedelta(crt_life_time * ca_life_period, 0)
     self._loadCAKeyPairList()
     self._renewCAIfNeeded()
@@ -182,7 +185,10 @@ class CertificateAuthority(object):
   def _loadCAKeyPairList(self):
     ca_key_pair_list = []
     for pem_key_pair in self._storage.getCAKeyPairList():
-      utils.validateCertAndKey(pem_key_pair['crt_pem'], pem_key_pair['key_pem'])
+      utils.validateCertAndKey(
+        pem_key_pair['crt_pem'],
+        pem_key_pair['key_pem'],
+      )
       ca_key_pair_list.append({
         'crt': utils.load_ca_certificate(pem_key_pair['crt_pem']),
         'key': utils.load_privatekey(pem_key_pair['key_pem']),
@@ -302,7 +308,9 @@ class CertificateAuthority(object):
         ),
         Extension(
           x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
-            ca_crt.extensions.get_extension_for_class(x509.SubjectKeyIdentifier),
+            ca_crt.extensions.get_extension_for_class(
+              x509.SubjectKeyIdentifier,
+            ),
           ),
           critical=False, # "MUST mark this extension as non-critical"
         ),
@@ -349,7 +357,8 @@ class CertificateAuthority(object):
           decipher_only     =decipher_only,
           # pylint: enable=bad-whitespace
         ),
-        critical=key_usage_extension.critical, # "SHOULD mark this extension critical"
+        # "SHOULD mark this extension critical"
+        critical=key_usage_extension.critical,
       )
     try:
       extended_key_usage = template_csr.extensions.get_extension_for_class(
@@ -403,7 +412,9 @@ class CertificateAuthority(object):
         # "auto-signed" one...
         policy_list = [
           x for x in certificate_policies.value
-          if not x.policy_identifier.dotted_string.startswith(utils.CAUCASE_OID_TOP)
+          if not x.policy_identifier.dotted_string.startswith(
+            utils.CAUCASE_OID_TOP,
+          )
         ]
         if auto_signed == _AUTO_SIGNED_YES:
           # ...but do add auto-signed extension if we are auto-signing.
@@ -438,7 +449,8 @@ class CertificateAuthority(object):
     """
     if (
       self._ca_key_size is not None and not self._ca_key_pairs_list or (
-        self._ca_key_pairs_list[-1]['crt'].not_valid_after - datetime.datetime.utcnow()
+        self._ca_key_pairs_list[-1]['crt'].not_valid_after -
+        datetime.datetime.utcnow()
       ).total_seconds() / self._crt_life_time.total_seconds() <= 2
     ) and self._ca_renewal_lock.acquire(False):
       try:
@@ -510,7 +522,8 @@ class CertificateAuthority(object):
             ),
             Extension(
               x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(
-                # Dummy extension, from_issuer_subject_key_identifier accesses .data directly
+                # Dummy extension, from_issuer_subject_key_identifier accesses
+                # .data directly
                 Extension(
                   subject_key_identifier,
                   critical=False,
@@ -520,8 +533,8 @@ class CertificateAuthority(object):
             ),
           ],
         )
-        # Copy all extensions, except the ones which depend on the key (and which
-        # we just set).
+        # Copy all extensions, except the ones which depend on the key (and
+        # which we just set).
         skipped_extension_oid_set = (
           x509.SubjectKeyIdentifier.oid,
           x509.AuthorityKeyIdentifier.oid,
@@ -567,8 +580,8 @@ class CertificateAuthority(object):
         # using it.
         break
     else:
-      # No CA cert is valid for more than one certificate life time, so just pick
-      # the newest one.
+      # No CA cert is valid for more than one certificate life time, so just
+      # pick the newest one.
       key_pair = self._ca_key_pairs_list[-1]
     return key_pair
 

caucase/cli.py

@@ -92,7 +92,7 @@ class CLICaucaseClient(object):
         except CaucaseError, e:
           if e.args[0] != httplib.NOT_FOUND:
             raise
-          print crt_id, 'not found - either csr id has a typo or CSR was rejected'
+          print crt_id, 'not found - maybe CSR was rejected ?'
           error = True
         else:
           print crt_id, 'CSR still pending'
@@ -175,7 +175,11 @@ class CLICaucaseClient(object):
         error = True
         continue
       try:
-        old_crt = utils.load_certificate(old_crt_pem, ca_certificate_list, None)
+        old_crt = utils.load_certificate(
+          old_crt_pem,
+          ca_certificate_list,
+          None,
+        )
       except exceptions.CertificateVerificationError:
         print crt_path, (
             'was not signed by this CA, revoked or otherwise invalid, skipping'
@@ -278,7 +282,8 @@ def main(argv=None):
   Command line caucase client entry point.
   """
   parser = argparse.ArgumentParser(description='caucase')
-  # XXX: currently, it is the server which chooses which digest is used to sign stuff.
+  # XXX: currently, it is the server which chooses which digest is used to sign
+  # stuff.
   # Should clients be able to tell it how to sign (and server could reject) ?
   parser.add_argument(
     '--ca-url',
@@ -657,8 +662,9 @@ def updater(argv=None):
     '--key',
     metavar='KEY_PATH',
     help='Path of your private key file. Must always exist when this command '
-    'is started. Will be updated on certificate renewal. If not provided, both '
-    'key and certificate will be stored in the file pointed at by --crt .',
+    'is started. Will be updated on certificate renewal. If not provided, '
+    'both key and certificate will be stored in the file pointed at by '
+    '--crt .',
   )
   parser.add_argument(
     '--crt',
@@ -756,7 +762,13 @@ def updater(argv=None):
             crt_file.write(new_key_pem)
             crt_file.write(new_crt_pem)
         else:
-          with open(args.crt, 'w') as crt_file, open(key_path, 'w') as key_file:
+          with open(
+            args.crt,
+            'w',
+          ) as crt_file, open(
+            key_path,
+            'w',
+          ) as key_file:
             key_file.write(new_key_pem)
             crt_file.write(new_crt_pem)
         updated = True
@@ -812,7 +824,9 @@ def rerequest(argv=None):
     'default: %(default)s',
   )
   args = parser.parse_args(argv)
-  template = utils.load_certificate_request(utils.getCertRequest(args.template))
+  template = utils.load_certificate_request(
+    utils.getCertRequest(args.template),
+  )
   key = utils.generatePrivateKey(key_len=args.key_len)
   csr_pem = utils.dump_certificate_request(
     x509.CertificateSigningRequestBuilder(

caucase/http.py

@@ -76,7 +76,9 @@ class ThreadingWSGIServer(ThreadingMixIn, WSGIServer):
 
   def __init__(self, server_address, *args, **kw):
     self.address_family, _, _, _, _ = socket.getaddrinfo(*server_address)[0]
-    assert self.address_family in (socket.AF_INET, socket.AF_INET6), self.address_family
+    assert self.address_family in (socket.AF_INET, socket.AF_INET6), (
+      self.address_family,
+    )
     WSGIServer.__init__(self, server_address, *args, **kw)
 
 class CaucaseWSGIRequestHandler(WSGIRequestHandler):
@@ -94,7 +96,9 @@ class CaucaseWSGIRequestHandler(WSGIRequestHandler):
       timezone (including DST considerations), time it always logged in GMT
     """
     now = datetime.datetime.utcnow()
-    return now.strftime('%d/' + self.monthname[now.month] + '/%Y:%H:%M:%S +0000')
+    return now.strftime(
+      '%d/' + self.monthname[now.month] + '/%Y:%H:%M:%S +0000',
+    )
 
 class CaucaseSSLWSGIRequestHandler(CaucaseWSGIRequestHandler):
   """

caucase/storage.py

@@ -227,7 +227,12 @@ class SQLite3Storage(local):
         ),
       )
 
-  def appendCertificateSigningRequest(self, csr_pem, key_id, override_limits=False):
+  def appendCertificateSigningRequest(
+    self,
+    csr_pem,
+    key_id,
+    override_limits=False,
+  ):
     """
     Store acertificate signing request and generate a unique ID for it.
     Note: ID uniqueness is only guaranteed among pending CSR, and may be reused

caucase/test.py

@@ -109,7 +109,10 @@ class CaucaseTest(unittest.TestCase):
     # pylint: enable=bad-whitespace
     os.mkdir(self._server_backup_path)
 
-    self._server_netloc = netloc = os.getenv('CAUCASE_NETLOC', 'localhost:8000')
+    self._server_netloc = netloc = os.getenv(
+      'CAUCASE_NETLOC',
+      'localhost:8000',
+    )
     self._caucase_url = 'http://' + netloc
     parsed_url = urlparse.urlparse(self._caucase_url)
     self.assertFalse(
@@ -706,7 +709,7 @@ class CaucaseTest(unittest.TestCase):
     ).splitlines()
     self.assertRaises(TypeError, utils.getCert, key_path)
     self.assertEqual([
-      csr_id + ' not found - either csr id has a typo or CSR was rejected'
+      csr_id + ' not found - maybe CSR was rejected ?'
     ], out)
 
   def testBadCSR(self):

caucase/utils.py

@@ -218,7 +218,9 @@ def _verifyCertificateChain(cert, trusted_cert_list, crl):
     crypto.X509StoreContextError,
     crypto.Error,
   ), e:
-    raise CertificateVerificationError('Certificate verification error: %s' % str(e))
+    raise CertificateVerificationError(
+      'Certificate verification error: %s' % str(e),
+    )
 
 def wrap(payload, key, digest):
   """

caucase/wsgi.py

@@ -98,7 +98,8 @@ class InsufficientStorage(ApplicationError):
   """
   No storage slot available (not necessarily out of disk space)
   """
-  # httplib lacks the textual description for 507, although it has the constant...
+  # httplib lacks the textual description for 507, although it has the
+  # constant...
   status = '%i Insufficient Storage' % (httplib.INSUFFICIENT_STORAGE, )
 
 STATUS_OK = _getStatus(httplib.OK)