RA moved to Warden server config system (this also means logfile is now configurable)

65502706 · Pavel Kácha · 9812e941 · 65502706 · 65502706
Commit 65502706 authored 8 years ago by Pavel Kácha
--- a/warden3/contrib/warden_ra/warden_ra.cfg.dist
+++ b/warden3/contrib/warden_ra/warden_ra.cfg.dist
 {
-    "url": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl",
+    "Log": {
-    "cert": "warden_ra.cert.pem",
+        "filename": "/var/log/warden_ra.log",
-    "key": "warden_ra.key.pem",
+        "level": "info"
-    "caName": "Example CA",
+    },
-    "certificateProfileName": "Example",
+    "Registry": {
-    "endEntityProfileName": "Example EE",
+        "url": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl",
-    "subjectDN_template": "DC=cz,DC=example-ca,DC=warden,CN=%s",
+        "cert": "warden_ra.cert.pem",
-    "username_suffix": "@warden"
+        "key": "warden_ra.key.pem",
-}
+        "ca_name": "Example CA",
\ No newline at end of file
+        "certificate_profile_name": "Example",
+        "end_entity_profile_name": "Example EE",
+        "subject_dn_template": "DC=cz,DC=example-ca,DC=warden,CN=%s",
+        "username_suffix": "@warden"
+    }
+}
--- a/warden3/contrib/warden_ra/warden_ra.py
+++ b/warden3/contrib/warden_ra/warden_ra.py
@@ -21,7 +21,8 @@ import ejbcaws
 # usual path to warden server
 sys.path.append(os.path.join(os.path.dirname(__file__), "..", "..", "warden_server"))
-from warden_server import Request, ObjectBase, StreamLogger, FileLogger, Server, expose
+import warden_server
+from warden_server import Request, ObjectBase, FileLogger, SysLogger, Server, expose, read_cfg
 class EjbcaClient(object):
@@ -98,14 +99,15 @@ class EjbcaClient(object):
 class EjbcaRegistry(object):
-    def __init__(self, url, cert=None, key=None,
+    def __init__(self, log, url, cert=None, key=None,
-                 caName="", certificateProfileName="", endEntityProfileName="",
+                 ca_name="", certificate_profile_name="", end_entity_profile_name="",
-                 subjectDN_template="%s", username_suffix=""):
+                 subject_dn_template="%s", username_suffix=""):
+        self.log = log
        self.ejbca = ejbcaws.Ejbca(url, cert, key)
-        self.caName = caName
+        self.ca_name = ca_name
-        self.certificateProfileName = certificateProfileName
+        self.certificate_profile_name = certificate_profile_name
-        self.endEntityProfileName = endEntityProfileName
+        self.end_entity_profile_name = end_entity_profile_name
-        self.subjectDN_template = subjectDN_template
+        self.subject_dn_template = subject_dn_template
        self.username_suffix = username_suffix
    def get_clients(self):
@@ -124,9 +126,9 @@ class EjbcaRegistry(object):
        if user:
            raise LookupError("Client %s already exists" % name)
        new_ejbca_data = dict(
-            caName=self.caName,
+            ca_name=self.ca_name,
-            certificateProfileName=self.certificateProfileName,
+            certificate_profile_name=self.certificate_profile_name,
-            endEntityProfileName=self.endEntityProfileName,
+            end_entity_profile_name=self.end_entity_profile_name,
            keyRecoverable=False,
            sendNotification=False,
            status=ejbcaws.STATUS_INITIALIZED,
@@ -205,18 +207,52 @@ class CertHandler(ObjectBase):
        return [("Content-Type", "application/x-x509-user-cert")], newcert.as_pem()
+# Order in which the base objects must get initialized
+section_order = ("log", "auth", "registry", "handler", "server")
+# List of sections and objects, configured by them
+# First object in each object list is the default one, otherwise
+# "type" keyword in section may be used to choose other
+section_def = {
+    "log": [FileLogger, SysLogger],
+    "auth": [NullAuthenticator],
+    "registry": [EjbcaRegistry],
+    "handler": [CertHandler],
+    "server": [Server]
+}
+# Object parameter conversions and defaults
+param_def = {
+    FileLogger: warden_server.param_def[FileLogger],
+    SysLogger: warden_server.param_def[SysLogger],
+    Server: warden_server.param_def[Server],
+    NullAuthenticator: {
+        "req": {"type": "obj", "default": "req"},
+        "log": {"type": "obj", "default": "log"}
+    },
+    EjbcaRegistry: {
+        "log":  {"type": "obj", "default": "log"},
+        "url": {"type": "str", "default": "https://ejbca.example.org/ejbca/ejbcaws/ejbcaws?wsdl"},
+        "cert": {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), "warden_ra.cert.pem")},
+        "key": {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), "warden_ra.key.pem")},
+        "ca_name": {"type": "str", "default": "Example CA"},
+        "certificate_profile_name": {"type": "str", "default": "Example"},
+        "end_entity_profile_name": {"type": "str", "default": "Example EE"},
+        "subject_dn_template": {"type": "str", "default": "DC=cz,DC=example-ca,DC=warden,CN=%s"},
+        "username_suffix": {"type": "str", "default": "@warden"}
+    },
+    CertHandler: {
+        "req": {"type": "obj", "default": "req"},
+        "log": {"type": "obj", "default": "log"},
+        "registry": {"type": "obj", "default": "registry"}
+    }
+}
+param_def[FileLogger]["filename"] = {"type": "filepath", "default": os.path.join(os.path.dirname(__file__), os.path.splitext(os.path.split(__file__)[1])[0] + ".log")}
 def build_server(conf):
-    StreamLogger()
+    return warden_server.build_server(conf, section_order, section_def, param_def)
-    req = Request()
-    log = FileLogger(
-        req,
-        filename=os.path.join(os.path.dirname(__file__), os.path.splitext(os.path.split(__file__)[1])[0] + ".log"),
-        level=logging.DEBUG)
-    auth = NullAuthenticator(req, log)
-    registry = EjbcaRegistry(**conf)
-    handler = CertHandler(req, log, registry)
-    server = Server(req, log, auth, handler)
-    return server
 # Command line
@@ -369,13 +405,6 @@ def get_args():
    return argp.parse_args()
-def read_cfg(path):
-    with open(path, "r") as f:
-        stripcomments = "\n".join((l for l in f if not l.lstrip().startswith(("#", "//"))))
-        conf = json.loads(stripcomments)
-    return conf
 if __name__ == "__main__":
    args = get_args()
    config = read_cfg(os.path.join(os.path.dirname(__file__), args.config or "warden_ra.cfg"))