client: Promote updateCAFile and updateCRLFile to class methods.

So that they do not hardcode the class to instanciate. This prepares further class tweaking. Also, update users.

client: Promote updateCAFile and updateCRLFile to class methods.
So that they do not hardcode the class to instanciate. This prepares further class tweaking. Also, update users.
b3b4ebf1 · Vincent Pelletier · e72324c6 · b3b4ebf1 · b3b4ebf1
Commit b3b4ebf1 authored Sep 20, 2018 by Vincent Pelletier
Show whitespace changes
Inline Side-by-side

Showing with 77 additions and 79 deletions

caucase/cli.py caucase/cli.py +14 -10

caucase/client.py caucase/client.py +63 -69

No files found.
--- a/caucase/cli.py
+++ b/caucase/cli.py
@@ -34,8 +34,6 @@ from .client import (
  CaucaseError,
  CaucaseClient,
  HTTPSOnlyCaucaseClient,
-  updateCAFile,
-  updateCRLFile,
 )
 _cryptography_backend = default_backend()
@@ -492,10 +490,10 @@ def main(argv=None):
  try:
    # Get a working, up-to-date CAS CA certificate file.
-    updated |= updateCAFile(cas_url, args.ca_crt)
+    updated |= CaucaseClient.updateCAFile(cas_url, args.ca_crt)
    # --update-user, CA part
    if args.update_user or args.mode == MODE_USER:
-      updated |= updateCAFile(cau_url, args.user_ca_crt)
+      updated |= CaucaseClient.updateCAFile(cau_url, args.user_ca_crt)
    client = CLICaucaseClient(
      client=CaucaseClient(
@@ -538,13 +536,13 @@ def main(argv=None):
    if args.list_csr:
      client.listCSR(args.mode)
    # update our CRL after all revocations we were requested
-    updated |= updateCRLFile(cas_url, args.crl, [
+    updated |= CaucaseClient.updateCRLFile(cas_url, args.crl, [
      utils.load_ca_certificate(x)
      for x in utils.getCertList(args.ca_crt)
    ])
    # --update-user, CRL part
    if args.update_user:
-      updated |= updateCRLFile(cau_url, args.user_crl, [
+      updated |= CaucaseClient.updateCRLFile(cau_url, args.user_crl, [
        utils.load_ca_certificate(x)
        for x in utils.getCertList(args.user_ca_crt)
      ])
@@ -695,7 +693,10 @@ def updater(argv=None, until=utils.until):
    }[args.mode]
    threshold = datetime.timedelta(args.threshold, 0)
    max_sleep = datetime.timedelta(args.max_sleep, 0)
-    updated = updateCAFile(cas_url, args.cas_ca) and args.cas_ca == args.ca
+    updated = CaucaseClient.updateCAFile(
+      cas_url,
+      args.cas_ca,
+    ) and args.cas_ca == args.ca
    client = CaucaseClient(
      ca_url=ca_url,
      ca_crt_pem_list=utils.getCertList(args.cas_ca)
@@ -732,12 +733,15 @@ def updater(argv=None, until=utils.until):
      )
      now = until(next_deadline)
      next_deadline = now + max_sleep
-      if args.cas_ca != args.ca and updateCAFile(cas_url, args.cas_ca):
+      if args.cas_ca != args.ca and CaucaseClient.updateCAFile(
+        cas_url,
+        args.cas_ca,
+      ):
        client = CaucaseClient(
          ca_url=ca_url,
          ca_crt_pem_list=utils.getCertList(args.cas_ca)
        )
-      if updateCAFile(ca_url, args.ca):
+      if CaucaseClient.updateCAFile(ca_url, args.ca):
        print 'Got new CA'
        updated = True
        # Note: CRL expiration should happen several time during CA renewal
@@ -747,7 +751,7 @@ def updater(argv=None, until=utils.until):
        utils.load_ca_certificate(x)
        for x in utils.getCertList(args.ca)
      ]
-      if updateCRLFile(ca_url, args.crl, ca_crt_list):
+      if CaucaseClient.updateCRLFile(ca_url, args.crl, ca_crt_list):
        print 'Got new CRL'
        updated = True
        next_deadline = min(

--- a/caucase/client.py
+++ b/caucase/client.py
@@ -35,8 +35,6 @@ __all__ = (
  'CaucaseError',
  'CaucaseClient',
  'HTTPSOnlyCaucaseClient',
-  'updateCAFile',
-  'updateCRLFile',
 )
 _cryptography_backend = default_backend()
@@ -47,7 +45,15 @@ class CaucaseError(Exception):
  """
  pass
-def updateCAFile(url, ca_crt_path):
+class CaucaseClient(object):
+  """
+  Caucase HTTP(S) client.
+  Expose caucase REST API as pythonic methods.
+  """
+  @classmethod
+  def updateCAFile(cls, url, ca_crt_path):
    """
    Bootstrap anf maintain a CA file up-to-date.
@@ -60,9 +66,7 @@ def updateCAFile(url, ca_crt_path):
    certificate expired and was discarded).
    """
    if not os.path.exists(ca_crt_path):
-    ca_pem = CaucaseClient(
+      ca_pem = cls(ca_url=url).getCACertificate()
-      ca_url=url,
-    ).getCACertificate()
      with open(ca_crt_path, 'w') as ca_crt_file:
        ca_crt_file.write(ca_pem)
      updated = True
@@ -76,10 +80,7 @@ def updateCAFile(url, ca_crt_path):
      if utils.load_ca_certificate(x).not_valid_after > now
    ]
    ca_pem_list.extend(
-    CaucaseClient(
+      cls(ca_url=url, ca_crt_pem_list=ca_pem_list).getCACertificateChain(),
-      ca_url=url,
-      ca_crt_pem_list=ca_pem_list,
-    ).getCACertificateChain(),
    )
    if ca_pem_list != loaded_ca_pem_list:
      data = ''.join(ca_pem_list)
@@ -88,7 +89,8 @@ def updateCAFile(url, ca_crt_path):
      updated = True
    return updated
-def updateCRLFile(url, crl_path, ca_list):
+  @classmethod
+  def updateCRLFile(cls, url, crl_path, ca_list):
    """
    Bootstrap anf maintain a CRL file up-to-date.
@@ -106,9 +108,7 @@ def updateCRLFile(url, crl_path, ca_list):
      my_crl = utils.load_crl(open(crl_path).read(), ca_list)
    else:
      my_crl = None
-  latest_crl_pem = CaucaseClient(
+    latest_crl_pem = cls(ca_url=url).getCertificateRevocationList()
-    ca_url=url,
-  ).getCertificateRevocationList()
    latest_crl = utils.load_crl(latest_crl_pem, ca_list)
    if my_crl is None or latest_crl.signature != my_crl.signature:
      with open(crl_path, 'w') as crl_file:
@@ -116,12 +116,6 @@ def updateCRLFile(url, crl_path, ca_list):
      return True
    return False
-class CaucaseClient(object):
-  """
-  Caucase HTTP(S) client.
-  Expose caucase REST API as pythonic methods.
-  """
  def __init__(self, ca_url, ca_crt_pem_list=None, user_key=None):
    # XXX: set timeout to HTTP connections ?
    http_url = urlparse(ca_url)