Fix Custodia imports

See: https://pagure.io/freeipa/issue/8882 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2021-06-11 08:32:25 +02:00
parent d27f01b2fb
commit a4631b7f3f
20 changed files with 77 additions and 45 deletions
--- a/install/share/custodia.conf.template
+++ b/install/share/custodia.conf.template
@@ -4,12 +4,12 @@ server_socket = $IPA_CUSTODIA_SOCKET
 auditlog = $IPA_CUSTODIA_AUDIT_LOG

 [auth:simple]
-handler = custodia.httpd.authenticators.SimpleCredsAuth
+handler = ipaserver.custodia.httpd.authenticators.SimpleCredsAuth
 uid = $UID
 gid = $GID

 [auth:header]
-handler = custodia.httpd.authenticators.SimpleHeaderAuth
+handler = ipaserver.custodia.httpd.authenticators.SimpleHeaderAuth
 header = GSS_NAME

 [authz:kemkeys]
@@ -23,6 +23,6 @@ handler = ipaserver.secrets.store.IPASecStore
 ldap_uri = $LDAP_URI

 [/keys]
-handler = custodia.secrets.Secrets
+handler = ipaserver.custodia.secrets.Secrets
 allowed_keytypes = kem
 store = ipa
--- a/install/tools/ipa-custodia-check.in
+++ b/install/tools/ipa-custodia-check.in
@@ -11,7 +11,7 @@ import os
 import platform
 import warnings

-from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+from ipaserver.custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP

 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
--- a/ipaserver/custodia/client.py
+++ b/ipaserver/custodia/client.py
@@ -21,8 +21,8 @@ try:
 except ImportError:
    requests_gssapi = None

-from custodia.log import getLogger
-from custodia.message.kem import (
+from ipaserver.custodia.log import getLogger
+from ipaserver.custodia.message.kem import (
    check_kem_claims, decode_enc_kem, make_enc_kem
 )

--- a/ipaserver/custodia/forwarder.py
+++ b/ipaserver/custodia/forwarder.py
@@ -3,9 +3,9 @@ from __future__ import absolute_import

 import uuid

-from custodia.client import CustodiaHTTPClient
-from custodia.plugin import HTTPConsumer, HTTPError
-from custodia.plugin import INHERIT_GLOBAL, PluginOption, REQUIRED
+from ipaserver.custodia.client import CustodiaHTTPClient
+from ipaserver.custodia.plugin import HTTPConsumer, HTTPError
+from ipaserver.custodia.plugin import INHERIT_GLOBAL, PluginOption, REQUIRED


 class Forwarder(HTTPConsumer):
--- a/ipaserver/custodia/httpd/authenticators.py
+++ b/ipaserver/custodia/httpd/authenticators.py
@@ -6,7 +6,7 @@ import os
 from cryptography.hazmat.primitives import constant_time

 from custodia import log
-from custodia.plugin import HTTPAuthenticator, PluginOption
+from ipaserver.custodia.plugin import HTTPAuthenticator, PluginOption


 class SimpleCredsAuth(HTTPAuthenticator):
--- a/ipaserver/custodia/httpd/authorizers.py
+++ b/ipaserver/custodia/httpd/authorizers.py
@@ -4,7 +4,7 @@ from __future__ import absolute_import
 import os

 from custodia import log
-from custodia.plugin import HTTPAuthorizer, PluginOption
+from ipaserver.custodia.plugin import HTTPAuthorizer, PluginOption


 class SimplePathAuthz(HTTPAuthorizer):
--- a/ipaserver/custodia/httpd/server.py
+++ b/ipaserver/custodia/httpd/server.py
@@ -14,8 +14,8 @@ import warnings
 import six

 from custodia import log
-from custodia.compat import parse_qs, unquote, urlparse
-from custodia.plugin import HTTPError
+from ipaserver.custodia.compat import parse_qs, unquote, urlparse
+from ipaserver.custodia.plugin import HTTPError

 # pylint: disable=import-error,no-name-in-module
 if six.PY2:
--- a/ipaserver/custodia/message/common.py
+++ b/ipaserver/custodia/message/common.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015  Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import

-from custodia.log import getLogger
+from ipaserver.custodia.log import getLogger

 logger = getLogger(__name__)

--- a/ipaserver/custodia/message/formats.py
+++ b/ipaserver/custodia/message/formats.py
@@ -1,11 +1,11 @@
 # Copyright (C) 2015  Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import

-from custodia.message.common import InvalidMessage
-from custodia.message.common import UnallowedMessage
-from custodia.message.common import UnknownMessageType
-from custodia.message.kem import KEMHandler
-from custodia.message.simple import SimpleKey
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import UnallowedMessage
+from ipaserver.custodia.message.common import UnknownMessageType
+from ipaserver.custodia.message.kem import KEMHandler
+from ipaserver.custodia.message.simple import SimpleKey


 default_types = ['simple', 'kem']
--- a/ipaserver/custodia/message/kem.py
+++ b/ipaserver/custodia/message/kem.py
@@ -11,10 +11,10 @@ from jwcrypto.jwk import JWK
 from jwcrypto.jws import JWS
 from jwcrypto.jwt import JWT

-from custodia.httpd.authorizers import SimplePathAuthz
-from custodia.log import getLogger
-from custodia.message.common import InvalidMessage
-from custodia.message.common import MessageHandler
+from ipaserver.custodia.httpd.authorizers import SimplePathAuthz
+from ipaserver.custodia.log import getLogger
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import MessageHandler

 logger = getLogger(__name__)

--- a/ipaserver/custodia/message/simple.py
+++ b/ipaserver/custodia/message/simple.py
@@ -3,8 +3,8 @@ from __future__ import absolute_import

 from six import string_types

-from custodia.message.common import InvalidMessage
-from custodia.message.common import MessageHandler
+from ipaserver.custodia.message.common import InvalidMessage
+from ipaserver.custodia.message.common import MessageHandler


 class SimpleKey(MessageHandler):
--- a/ipaserver/custodia/root.py
+++ b/ipaserver/custodia/root.py
@@ -3,8 +3,8 @@ from __future__ import absolute_import

 import json

-from custodia.plugin import HTTPConsumer, PluginOption
-from custodia.secrets import Secrets
+from ipaserver.custodia.plugin import HTTPConsumer, PluginOption
+from ipaserver.custodia.secrets import Secrets


 class Root(HTTPConsumer):
--- a/ipaserver/custodia/secrets.py
+++ b/ipaserver/custodia/secrets.py
@@ -6,13 +6,13 @@ import os
 from base64 import b64decode, b64encode

 from custodia import log
-from custodia.message.common import UnallowedMessage
-from custodia.message.common import UnknownMessageType
-from custodia.message.formats import Validator
-from custodia.plugin import (
+from ipaserver.custodia.message.common import UnallowedMessage
+from ipaserver.custodia.message.common import UnknownMessageType
+from ipaserver.custodia.message.formats import Validator
+from ipaserver.custodia.plugin import (
    CSStoreDenied, CSStoreError, CSStoreExists, CSStoreUnsupported
 )
-from custodia.plugin import HTTPConsumer, HTTPError, PluginOption
+from ipaserver.custodia.plugin import HTTPConsumer, HTTPError, PluginOption


 class Secrets(HTTPConsumer):
--- a/ipaserver/custodia/server/init.py
+++ b/ipaserver/custodia/server/init.py
@@ -9,7 +9,7 @@ import pkg_resources
 import six

 from custodia import log
-from custodia.httpd.server import HTTPServer
+from ipaserver.custodia.httpd.server import HTTPServer

 from .args import default_argparser
 from .args import parse_args as _parse_args
--- a/ipaserver/custodia/server/main.py
+++ b/ipaserver/custodia/server/main.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2015  Custodia Project Contributors - see LICENSE file
 from __future__ import absolute_import

-from custodia.server import main
+from ipaserver.custodia.server import main

 if __name__ == '__main__':
    main()
--- a/ipaserver/custodia/server/config.py
+++ b/ipaserver/custodia/server/config.py
@@ -7,8 +7,8 @@ import socket

 import six

-from custodia.compat import configparser
-from custodia.compat import url_escape
+from ipaserver.custodia.compat import configparser
+from ipaserver.custodia.compat import url_escape


 class CustodiaConfig(object):
--- a/ipaserver/secrets/client.py
+++ b/ipaserver/secrets/client.py
@@ -9,7 +9,9 @@ from base64 import b64encode


 # pylint: disable=relative-import
-from custodia.message.kem import KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
+from ipaserver.custodia.message.kem import (
+    KEMClient, KEY_USAGE_SIG, KEY_USAGE_ENC
+)
 # pylint: enable=relative-import
 from jwcrypto.common import json_decode
 from jwcrypto.jwk import JWK
--- a/ipaserver/secrets/kem.py
+++ b/ipaserver/secrets/kem.py
@@ -13,8 +13,9 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import rsa, ec
 # pylint: disable=relative-import
-from custodia.message.kem import KEMKeysStore
-from custodia.message.kem import KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+from ipaserver.custodia.message.kem import (
+    KEMKeysStore, KEY_USAGE_SIG, KEY_USAGE_ENC, KEY_USAGE_MAP
+)
 # pylint: enable=relative-import
 from jwcrypto.common import json_decode, json_encode
 from jwcrypto.common import base64url_encode
--- a/ipaserver/secrets/store.py
+++ b/ipaserver/secrets/store.py
@@ -4,7 +4,7 @@ from __future__ import print_function, absolute_import
 import os
 import sys

-from custodia.plugin import CSStore
+from ipaserver.custodia.plugin import CSStore

 from ipaplatform.paths import paths
 from ipaplatform.constants import constants
--- a/ipaserver/setup.py
+++ b/ipaserver/setup.py
@@ -23,6 +23,31 @@ Python-level packaging using setuptools
 from os.path import abspath, dirname
 import sys

+custodia_authenticators = [
+    'IPAInterface = ipaserver.custodia.ipa.interface:IPAInterface',
+    ('SimpleCredsAuth = '
+     'ipaserver.custodia.httpd.authenticators:SimpleCredsAuth'),
+]
+
+custodia_authorizers = [
+    'SimplePathAuthz = ipaserver.custodia.httpd.authorizers:SimplePathAuthz',
+    'UserNameSpace = ipaserver.custodia.httpd.authorizers:UserNameSpace',
+    'KEMKeysStore = ipaserver.custodia.message.kem:KEMKeysStore',
+    'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
+]
+
+custodia_clients = [
+    'KEMClient = ipaserver.custodia.client:CustodiaKEMClient',
+    'SimpleClient = ipaserver.custodia.client:CustodiaSimpleClient',
+]
+
+custodia_consumers = [
+    'Forwarder = ipaserver.custodia.forwarder:Forwarder',
+    'Secrets = ipaserver.custodia.secrets:Secrets',
+    'Root = ipaserver.custodia.root:Root',
+]
+
+
 if __name__ == '__main__':
    # include ../ for ipasetup.py
    sys.path.append(dirname(dirname(abspath(__file__))))
@@ -36,6 +61,10 @@ if __name__ == '__main__':
            'ipaserver',
            'ipaserver.advise',
            'ipaserver.advise.plugins',
+            'ipaserver.custodia',
+            'ipaserver.custodia.httpd',
+            'ipaserver.custodia.message',
+            'ipaserver.custodia.server',
            'ipaserver.dnssec',
            'ipaserver.plugins',
            'ipaserver.secrets',
@@ -46,7 +75,6 @@ if __name__ == '__main__':
        ],
        install_requires=[
            "cryptography",
-            "custodia",
            "dbus-python",
            "dnspython",
            # dogtag-pki is just the client package on PyPI. ipaserver
@@ -67,10 +95,11 @@ if __name__ == '__main__':
            "python-ldap",
        ],
        entry_points={
-            'custodia.authorizers': [
-                'IPAKEMKeys = ipaserver.secrets.kem:IPAKEMKeys',
-            ],
-            'custodia.stores': [
+            'ipaserver.custodia.authenticators': custodia_authenticators,
+            'ipaserver.custodia.authorizers': custodia_authorizers,
+            'ipaserver.custodia.clients': custodia_clients,
+            'ipaserver.custodia.consumers': custodia_consumers,
+            'ipaserver.custodia.stores': [
                'IPASecStore = ipaserver.secrets.store:IPASecStore',
            ],
        },