pinecrypt/certidude
2
1
Fork 0
Code Issues 1 Pull Requests Activity

Don't use continue inside finally

Browse Source
This commit is contained in:
Lauri Võsandi 2021-05-06 11:18:57 +03:00
parent 2bbf64c6d7
commit 657ee3a38e
1 changed files with 49 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
pinecrypt/client/cli.py
View File

@ -145,62 +145,62 @@ def certidude_enroll(fork, no_wait, kerberos):
authority_path = clients.get(authority_name, "authority path") authority_path = clients.get(authority_name, "authority path")
except NoOptionError: except NoOptionError:
authority_path = "/etc/certidude/authority/%s/ca_cert.pem" % authority_name authority_path = "/etc/certidude/authority/%s/ca_cert.pem" % authority_name
finally:
if os.path.exists(authority_path):
click.echo("Found authority certificate in: %s" % authority_path)
with open(authority_path, "rb") as fh:
header, _, certificate_der_bytes = pem.unarmor(fh.read())
authority_certificate = x509.Certificate.load(certificate_der_bytes)
else:
if not os.path.exists(os.path.dirname(authority_path)):
os.makedirs(os.path.dirname(authority_path))
authority_url = "http://%s/api/certificate/" % authority_name
click.echo("Attempting to fetch authority certificate from %s" % authority_url)
try:
r = requests.get(authority_url,
headers={"Accept": "application/x-x509-ca-cert,application/x-pem-file"})
header, _, certificate_der_bytes = pem.unarmor(r.content)
authority_certificate = x509.Certificate.load(certificate_der_bytes)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % authority_url)
continue
authority_partial = authority_path + ".part"
with open(authority_partial, "wb") as oh:
oh.write(r.content)
click.echo("Writing authority certificate to: %s" % authority_path)
selinux_fixup(authority_partial)
os.rename(authority_partial, authority_path)
authority_public_key = asymmetric.load_public_key( if os.path.exists(authority_path):
authority_certificate["tbs_certificate"]["subject_public_key_info"]) click.echo("Found authority certificate in: %s" % authority_path)
with open(authority_path, "rb") as fh:
header, _, certificate_der_bytes = pem.unarmor(fh.read())
authority_certificate = x509.Certificate.load(certificate_der_bytes)
else:
if not os.path.exists(os.path.dirname(authority_path)):
os.makedirs(os.path.dirname(authority_path))
authority_url = "http://%s/api/certificate/" % authority_name
click.echo("Attempting to fetch authority certificate from %s" % authority_url)
try:
r = requests.get(authority_url,
headers={"Accept": "application/x-x509-ca-cert,application/x-pem-file"})
header, _, certificate_der_bytes = pem.unarmor(r.content)
authority_certificate = x509.Certificate.load(certificate_der_bytes)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % authority_url)
continue
authority_partial = authority_path + ".part"
with open(authority_partial, "wb") as oh:
oh.write(r.content)
click.echo("Writing authority certificate to: %s" % authority_path)
selinux_fixup(authority_partial)
os.rename(authority_partial, authority_path)
authority_public_key = asymmetric.load_public_key(
authority_certificate["tbs_certificate"]["subject_public_key_info"])
try: try:
config_path = clients.get(authority_name, "config path") config_path = clients.get(authority_name, "config path")
except NoOptionError: except NoOptionError:
config_path = "/etc/certidude/authority/%s/config.json" % authority_name config_path = "/etc/certidude/authority/%s/config.json" % authority_name
finally:
if os.path.exists(config_path):
click.echo("Found config in: %s" % config_path)
with open(config_path) as fh:
bootstrap = json.loads(fh.read())
else:
bootstrap_url = "http://%s/api/bootstrap/" % authority_name
click.echo("Attempting to bootstrap connection from %s" % bootstrap_url)
try:
r = requests.get(bootstrap_url)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % bootstrap_url)
continue
else:
if r.status_code != 200:
raise ValueError("Bootstrap API endpoint returned %s" % r.content)
bootstrap = r.json()
config_partial = config_path + ".part" if os.path.exists(config_path):
with open(config_partial, "wb") as oh: click.echo("Found config in: %s" % config_path)
oh.write(r.content) with open(config_path) as fh:
click.echo("Writing configuration to: %s" % config_path) bootstrap = json.loads(fh.read())
os.rename(config_partial, config_path) else:
bootstrap_url = "http://%s/api/bootstrap/" % authority_name
click.echo("Attempting to bootstrap connection from %s" % bootstrap_url)
try:
r = requests.get(bootstrap_url)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % bootstrap_url)
continue
else:
if r.status_code != 200:
raise ValueError("Bootstrap API endpoint returned %s" % r.content)
bootstrap = r.json()
config_partial = config_path + ".part"
with open(config_partial, "wb") as oh:
oh.write(r.content)
click.echo("Writing configuration to: %s" % config_path)
os.rename(config_partial, config_path)
try: try:
common_name = clients.get(authority_name, "common name") common_name = clients.get(authority_name, "common name")