From a4631b7f3f1eca068c3ff6fbfe91563dbe911c4b Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Fri, 11 Jun 2021 08:32:25 +0200
Subject: [PATCH] Fix Custodia imports
See: https://pagure.io/freeipa/issue/8882
Signed-off-by: Christian Heimes
Reviewed-By: Alexander Bokovoy
Reviewed-By: Rob Crittenden
---
 install/share/custodia.conf.template | 6 ++--
 install/tools/ipa-custodia-check.in | 2 +-
 ipaserver/custodia/client.py | 4 +--
 ipaserver/custodia/forwarder.py | 6 ++--
 ipaserver/custodia/httpd/authenticators.py | 2 +-
 ipaserver/custodia/httpd/authorizers.py | 2 +-
 ipaserver/custodia/httpd/server.py | 4 +--
 ipaserver/custodia/message/common.py | 2 +-
 ipaserver/custodia/message/formats.py | 10 +++---
 ipaserver/custodia/message/kem.py | 8 ++---
 ipaserver/custodia/message/simple.py | 4 +--
 ipaserver/custodia/root.py | 4 +--
 ipaserver/custodia/secrets.py | 10 +++---
 ipaserver/custodia/server/__init__.py | 2 +-
 ipaserver/custodia/server/__main__.py | 2 +-
 ipaserver/custodia/server/config.py | 4 +--
 ipaserver/secrets/client.py | 4 ++-
 ipaserver/secrets/kem.py | 5 +--
 ipaserver/secrets/store.py | 2 +-
 ipaserver/setup.py | 39 +++++++++++++++++++---
 20 files changed, 77 insertions(+), 45 deletions(-)
diff --git a/install/share/custodia.conf.template b/install/share/custodia.conf.template
index ee3c43ca7..bbc1de130 100644
--- a/install/share/custodia.conf.template
+++ b/install/share/custodia.conf.template
@@ -4,12 +4,12 @@ server_socket = $IPA_CUSTODIA_SOCKET
 auditlog = $IPA_CUSTODIA_AUDIT_LOG
 [auth:simple]
-handler = custodia.httpd.authenticators.SimpleCredsAuth
+handler = ipaserver.custodia.httpd.authenticators.SimpleCredsAuth
 uid = $UID
 gid = $GID
 [auth:header]
-handler = custodia.httpd.authenticators.SimpleHeaderAuth
+handler = ipaserver.custodia.httpd.authenticators.SimpleHeaderAuth
 header = GSS_NAME
 [authz:kemkeys]
@@ -23,6 +23,6 @@ handler = ipaserver.secrets.store.IPASecStore
 ldap_uri = $LDAP_URI
 [/keys]
-handler = custodia.secrets.Secrets
+handler = ipaserver.custodia.secrets.Secrets
 allowed_keytypes = kem
 store = ipa
diff --git a/install/tools/ipa-custodia-check.in b/install/tools/ipa-custodia-check.in
index e357b117d..59d42b6ff 100644
--- a/install/tools/ipa-custodia-check.in
+++ b/install/tools/ipa-custodia-check.in
@@ -11,7 +11,7 @@ import os
 import platform
 import warnings
-from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+from ipaserver.custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
diff --git a/ipaserver/custodia/client.py b/ipaserver/custodia/client.py
index 4d773b49e..7b676eda3 100644
--- a/ipaserver/custodia/client.py
+++ b/ipaserver/custodia/client.py
@@ -21,8 +21,8 @@ try:
 except ImportError:
 requests_gssapi = None
-from custodia.log import getLogger
-from custodia.message.kem import (
+from ipaserver.custodia.log import getLogger
+from ipaserver.custodia.message.kem import (
 check_kem_claims, decode_enc_kem, make_enc_kem
 )
diff --git a/ipaserver/custodia/forwarder.py b/ipaserver/custodia/forwarder.py
index a05005d5f..0927771ad 100644
--- a/ipaserver/custodia/forwarder.py
+++ b/ipaserver/custodia/forwarder.py
@@ -3,9 +3,9 @@ from __future__ import absolute_import
 import uuid
-from custodia.client import CustodiaHTTPClient
-from custodia.plugin import HTTPConsumer, HTTPError
-from custodia.plugin import INHERIT_GLOBAL, PluginOption, REQUIRED
+from ipaserver.custodia.client import CustodiaHTTPClient
+from ipaserver.custodia.plugin import HTTPConsumer, HTTPError
+from ipaserver.custodia.plugin import INHERIT_GLOBAL, PluginOption, REQUIRED
 class Forwarder(HTTPConsumer):
diff --git a/ipaserver/custodia/httpd/authenticators.py b/ipaserver/custodia/httpd/authenticators.py
index 44af37755..f0ae14685 100644
--- a/ipaserver/custodia/httpd/authenticators.py
+++ b/ipaserver/custodia/httpd/authenticators.py
@@ -6,7 +6,7 @@ import os
 from cryptography.hazmat.primitives import constant_time
 from custodia import log
-from custodia.plugin import HTTPAuthenticator, PluginOption
+from ipaserver.custodia.plugin import HTTPAuthenticator, PluginOption
 class SimpleCredsAuth(HTTPAuthenticator):
diff --git a/ipaserver/custodia/httpd/authorizers.py b/ipaserver/custodia/httpd/authorizers.py
index 951f4a56c..83e1c4af8 100644
--- a/ipaserver/custodia/httpd/authorizers.py
+++ b/ipaserver/custodia/httpd/authorizers.py
@@ -4,7 +4,7 @@ from __future__ import absolute_import
 import os
 from custodia import log
-from custodia.plugin import HTTPAuthorizer, PluginOption
+from ipaserver.custodia.plugin import HTTPAuthorizer, PluginOption
 class SimplePathAuthz(HTTPAuthorizer):
diff --git a/ipaserver/custodia/httpd/server.py b/ipaserver/custodia/httpd/server.py
index de5180108..9c34f46f7 100644
--- a/ipaserver/custodia/httpd/server.py
+++ b/ipaserver/custodia/httpd/server.py
@@ -14,8 +14,8 @@ import warnings
 import six
 from custodia import log
-from custodia.compat import parse_qs, unquote, urlparse
-from custodia.plugin import HTTPError
+from ipaserver.custodia.compat import parse_qs, unquote, urlparse
+from ipaserver.custodia.plugin import HTTPError
 # pylint: disable=import-error,no-name-in-module
 if six.PY2:
diff --git a/ipaserver/custodia/message/common.py b/ipaserver/custodia/message/common.py
index 7c8b494a7..18b4c78eb 100644
--- a/ipaserver/custodia/message/common.py
+++ b/ipaserver/custodia/message/common.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import
-from custodia.log import getLogger
+from ipaserver.custodia.log import getLogger
 logger = getLogger(__name__)
diff --git a/ipaserver/custodia/message/formats.py b/ipaserver/custodia/message/formats.py
index 4b38b7384..0dca2e9be 100644
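Review bot: `from custodia import log` is left unchanged as a context line in the ipaserver/custodia/httpd/authenticators.py hunk, and the same untouched import shows up in the hunks for httpd/authorizers.py, httpd/server.py, secrets.py and server/__init__.py, while the setup.py hunk drops `"custodia"` from `install_requires`. These modules would therefore still take their logging helpers from a separately installed top-level `custodia` package, or fail with ImportError when none is present. Other files in this patch already import from `ipaserver.custodia.log`, so the line should presumably become `from ipaserver.custodia import log` in all five places. The module bodies continue outside the hunks, so any further uses of the old package name there are not visible.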
--- a/ipaserver/custodia/message/formats.py
+++ b/ipaserver/custodia/message/formats.py
@@ -1,11 +1,11 @@
 # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import
-from custodia.message.common import InvalidMessage
-from custodia.message.common import UnallowedMessage
-from custodia.message.common import UnknownMessageType
-from custodia.message.kem import KEMHandler
-from custodia.message.simple import SimpleKey
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import UnallowedMessage
+from ipaserver.custodia.message.common import UnknownMessageType
+from ipaserver.custodia.message.kem import KEMHandler
+from ipaserver.custodia.message.simple import SimpleKey
 default_types = ['simple', 'kem']
diff --git a/ipaserver/custodia/message/kem.py b/ipaserver/custodia/message/kem.py
index 3a3589d00..b7eecd5e4 100644
--- a/ipaserver/custodia/message/kem.py
+++ b/ipaserver/custodia/message/kem.py
@@ -11,10 +11,10 @@ from jwcrypto.jwk import JWK
 from jwcrypto.jws import JWS
 from jwcrypto.jwt import JWT
-from custodia.httpd.authorizers import SimplePathAuthz
-from custodia.log import getLogger
-from custodia.message.common import InvalidMessage
-from custodia.message.common import MessageHandler
+from ipaserver.custodia.httpd.authorizers import SimplePathAuthz
+from ipaserver.custodia.log import getLogger
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import MessageHandler
 logger = getLogger(__name__)
diff --git a/ipaserver/custodia/message/simple.py b/ipaserver/custodia/message/simple.py
index ebba91b9f..897852081 100644
--- a/ipaserver/custodia/message/simple.py
+++ b/ipaserver/custodia/message/simple.py
@@ -3,8 +3,8 @@ from __future__ import absolute_import
 from six import string_types
-from custodia.message.common import InvalidMessage
-from custodia.message.common import MessageHandler
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import MessageHandler
 class SimpleKey(MessageHandler):
diff --git a/ipaserver/custodia/root.py b/ipaserver/custodia/root.py
index 6cddbe02d..bd67c9e4c 100644
--- a/ipaserver/custodia/root.py
+++ b/ipaserver/custodia/root.py
@@ -3,8 +3,8 @@ from __future__ import absolute_import
 import json
-from custodia.plugin import HTTPConsumer, PluginOption
-from custodia.secrets import Secrets
+from ipaserver.custodia.plugin import HTTPConsumer, PluginOption
+from ipaserver.custodia.secrets import Secrets
 class Root(HTTPConsumer):
diff --git a/ipaserver/custodia/secrets.py b/ipaserver/custodia/secrets.py
index 7d117bf8a..c3b123686 100644
--- a/ipaserver/custodia/secrets.py
+++ b/ipaserver/custodia/secrets.py
@@ -6,13 +6,13 @@ import os
 from base64 import b64decode, b64encode
 from custodia import log
-from custodia.message.common import UnallowedMessage
-from custodia.message.common import UnknownMessageType
-from custodia.message.formats import Validator
-from custodia.plugin import (
+from ipaserver.custodia.message.common import UnallowedMessage
+from ipaserver.custodia.message.common import UnknownMessageType
+from ipaserver.custodia.message.formats import Validator
+from ipaserver.custodia.plugin import (
 CSStoreDenied, CSStoreError, CSStoreExists, CSStoreUnsupported
 )
-from custodia.plugin import HTTPConsumer, HTTPError, PluginOption
+from ipaserver.custodia.plugin import HTTPConsumer, HTTPError, PluginOption
 class Secrets(HTTPConsumer):
diff --git a/ipaserver/custodia/server/__init__.py b/ipaserver/custodia/server/__init__.py
index 149669475..ada9e1a70 100644
--- a/ipaserver/custodia/server/__init__.py
+++ b/ipaserver/custodia/server/__init__.py
@@ -9,7 +9,7 @@ import pkg_resources
 import six
 from custodia import log
-from custodia.httpd.server import HTTPServer
+from ipaserver.custodia.httpd.server import HTTPServer
 from .args import default_argparser
 from .args import parse_args as _parse_args
diff --git a/ipaserver/custodia/server/__main__.py b/ipaserver/custodia/server/__main__.py
index 30981f980..4f7154581 100644
--- a/ipaserver/custodia/server/__main__.py
+++ b/ipaserver/custodia/server/__main__.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015 Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import
-from custodia.server import main
+from ipaserver.custodia.server import main
 if __name__ == '__main__':
 main()
diff --git a/ipaserver/custodia/server/config.py b/ipaserver/custodia/server/config.py
index 2c62106df..f9172215e 100644
--- a/ipaserver/custodia/server/config.py
+++ b/ipaserver/custodia/server/config.py
@@ -7,8 +7,8 @@ import socket
 import six
-from custodia.compat import configparser
-from custodia.compat import url_escape
+from ipaserver.custodia.compat import configparser
+from ipaserver.custodia.compat import url_escape
 class CustodiaConfig(object):
diff --git a/ipaserver/secrets/client.py b/ipaserver/secrets/client.py
index 4c82041df..8254e1262 100644
--- a/ipaserver/secrets/client.py
+++ b/ipaserver/secrets/client.py
@@ -9,7 +9,9 @@ from base64 import b64encode
 # pylint: disable=relative-import
-from custodia.message.kem import KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
+from ipaserver.custodia.message.kem import (
+ KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
+)
 # pylint: enable=relative-import
 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
diff --git a/ipaserver/secrets/kem.py b/ipaserver/secrets/kem.py
index 03404c761..db96c5b5a 100644
--- a/ipaserver/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -13,8 +13,9 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa, ec
 # pylint: disable=relative-import
-from custodia.message.kem import KEMKeysStore
-from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+from ipaserver.custodia.message.kem import (
+ KEMKeysStore, KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+)
 # pylint: enable=relative-import
 from jwcrypto.common import json_decode, json_encode
 from jwcrypto.common import base64url_encode
diff --git a/ipaserver/secrets/store.py b/ipaserver/secrets/store.py
index eba1b3b5f..c51ebcad0 100644
--- a/ipaserver/secrets/store.py
+++ b/ipaserver/secrets/store.py
@@ -4,7 +4,7 @@ from __future__ import print_function, absolute_import
 import os
 import sys
-from custodia.plugin import CSStore
+from ipaserver.custodia.plugin import CSStore
 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
diff --git a/ipaserver/setup.py b/ipaserver/setup.py
index ff9cd81a7..2d6fd5242 100644
--- a/ipaserver/setup.py
+++ b/ipaserver/setup.py
@@ -23,6 +23,31 @@ Python-level packaging using setuptools
 from os.path import abspath, dirname
 import sys
+custodia_authenticators = [
+ 'IPAInterface = ipaserver.custodia.ipa.interface:IPAInterface',
+ ('SimpleCredsAuth = '
+ 'ipaserver.custodia.httpd.authenticators:SimpleCredsAuth'),
+]
+
+custodia_authorizers = [
+ 'SimplePathAuthz = ipaserver.custodia.httpd.authorizers:SimplePathAuthz',
+ 'UserNameSpace = ipaserver.custodia.httpd.authorizers:UserNameSpace',
+ 'KEMKeysStore = ipaserver.custodia.message.kem:KEMKeysStore',
+ 'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
+]
+
+custodia_clients = [
+ 'KEMClient = ipaserver.custodia.client:CustodiaKEMClient',
+ 'SimpleClient = ipaserver.custodia.client:CustodiaSimpleClient',
+]
+
+custodia_consumers = [
+ 'Forwarder = ipaserver.custodia.forwarder:Forwarder',
+ 'Secrets = ipaserver.custodia.secrets:Secrets',
+ 'Root = ipaserver.custodia.root:Root',
+]
+
+
 if __name__ == '__main__':
 # include ../ for ipasetup.py
 sys.path.append(dirname(dirname(abspath(__file__))))
@@ -36,6 +61,10 @@ if __name__ == '__main__':
 'ipaserver',
 'ipaserver.advise',
 'ipaserver.advise.plugins',
+ 'ipaserver.custodia',
+ 'ipaserver.custodia.httpd',
+ 'ipaserver.custodia.message',
+ 'ipaserver.custodia.server',
 'ipaserver.dnssec',
 'ipaserver.plugins',
 'ipaserver.secrets',
@@ -46,7 +75,6 @@ if __name__ == '__main__':
 ],
 install_requires=[
 "cryptography",
- "custodia",
 "dbus-python",
 "dnspython",
 # dogtag-pki is just the client package on PyPI. ipaserver
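Review bot: The `IPAInterface = ipaserver.custodia.ipa.interface:IPAInterface` entry in `custodia_authenticators` points at a subpackage that the `packages` hunk right after it does not list; that hunk adds only `ipaserver.custodia`, `ipaserver.custodia.httpd`, `ipaserver.custodia.message` and `ipaserver.custodia.server`, and the diffstat touches no file under ipaserver/custodia/ipa. If that module is not shipped, resolving this authenticator by name would fail at load time. Either add `'ipaserver.custodia.ipa',` to `packages` or drop the `IPAInterface` line, and a short comment above the four lists saying which loader consumes them would help the next reader.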
@@ -67,10 +95,11 @@ if __name__ == '__main__':
 "python-ldap",
 ],
 entry_points={
- 'custodia.authorizers': [
- 'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
- ],
- 'custodia.stores': [
+ 'ipaserver.custodia.authenticators': custodia_authenticators,
+ 'ipaserver.custodia.authorizers': custodia_authorizers,
+ 'ipaserver.custodia.clients': custodia_clients,
+ 'ipaserver.custodia.consumers': custodia_consumers,
+ 'ipaserver.custodia.stores': [
 'IPASecStore = ipaserver.secrets.store:IPASecStore',
 ],
 },
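Review bot: The entry-point groups are renamed from `custodia.*` to `ipaserver.custodia.*` in this hunk, but nothing visible in the patch changes the code that looks plugins up: ipaserver/custodia/server/__init__.py imports `pkg_resources`, and the diffstat shows only its one import line changing. If the lookup there still builds the group name from a `custodia.` prefix, these new groups are never consulted, and short handler names would be resolved against whatever a separately installed custodia package registers rather than the bundled classes. It is worth confirming that the loader's group name matches `ipaserver.custodia.<kind>` and saying so in a comment above `entry_points`. The `setup()` call starts and ends outside the hunk.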