Come up with a better name for the certificate path.

OpenSCAP · Jun 17, 2021 · 3c32b4d · 3c32b4d
1 parent b2cf57c
commit 3c32b4d
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 22 deletions.
diff --git a/org_fedora_oscap/content_discovery.py b/org_fedora_oscap/content_discovery.py
@@ -57,24 +57,24 @@ def content_uri(self, uri):
         self.content_uri_path = path
         self.content_uri_scheme = scheme
 
-    def fetch_content(self, what_if_fail, cert=""):
+    def fetch_content(self, what_if_fail, ca_certs_path=""):
         """
         Initiate fetch of the content into an appropriate directory
 
         Args:
             what_if_fail: Callback accepting exception as an argument that
                 should handle them in the calling layer.
-            cert: HTTPS certificates
+            ca_certs_path: Path to the HTTPS certificate file
         """
         self.content_uri = self._addon_data.content_url
         shutil.rmtree(self.CONTENT_DOWNLOAD_LOCATION, ignore_errors=True)
         self.CONTENT_DOWNLOAD_LOCATION.mkdir(parents=True, exist_ok=True)
         fetching_thread_name = self._fetch_files(
             self.content_uri_scheme, self.content_uri_path,
-            self.CONTENT_DOWNLOAD_LOCATION, cert, what_if_fail)
+            self.CONTENT_DOWNLOAD_LOCATION, ca_certs_path, what_if_fail)
         return fetching_thread_name
 
-    def _fetch_files(self, scheme, path, destdir, cert, what_if_fail):
+    def _fetch_files(self, scheme, path, destdir, ca_certs_path, what_if_fail):
         with self.activity_lock:
             if self.now_fetching_or_processing:
                 msg = "Strange, it seems that we are already fetching something."
@@ -84,7 +84,7 @@ def _fetch_files(self, scheme, path, destdir, cert, what_if_fail):
 
         fetching_thread_name = None
         try:
-            fetching_thread_name = self._start_actual_fetch(scheme, path, destdir, cert)
+            fetching_thread_name = self._start_actual_fetch(scheme, path, destdir, ca_certs_path)
         except Exception as exc:
             with self.activity_lock:
                 self.now_fetching_or_processing = False
@@ -93,7 +93,7 @@ def _fetch_files(self, scheme, path, destdir, cert, what_if_fail):
         # We are not finished yet with the fetch
         return fetching_thread_name
 
-    def _start_actual_fetch(self, scheme, path, destdir, cert):
+    def _start_actual_fetch(self, scheme, path, destdir, ca_certs_path):
         fetching_thread_name = None
         url = scheme + "://" + path
 
@@ -111,7 +111,7 @@ def _start_actual_fetch(self, scheme, path, destdir, cert):
             fetching_thread_name = data_fetch.wait_and_fetch_net_data(
                 url,
                 dest,
-                cert
+                ca_certs_path
             )
         else:  # invalid schemes are handled down the road
             fetching_thread_name = data_fetch.fetch_local_data(

diff --git a/org_fedora_oscap/data_fetch.py b/org_fedora_oscap/data_fetch.py
@@ -95,7 +95,7 @@ def fetch_local_data(url, out_file):
     return common.THREAD_FETCH_DATA
 
 
-def wait_and_fetch_net_data(url, out_file, ca_certs=None):
+def wait_and_fetch_net_data(url, out_file, ca_certs_path=None):
     """
     Function that waits for network connection and starts a thread that fetches
     data over network.
@@ -119,7 +119,7 @@ def wait_and_fetch_net_data(url, out_file, ca_certs=None):
     log.info(f"Fetching data from {url}")
     fetch_data_thread = AnacondaThread(name=common.THREAD_FETCH_DATA,
                                        target=fetch_data,
-                                       args=(url, out_file, ca_certs),
+                                       args=(url, out_file, ca_certs_path),
                                        fatal=False)
 
     # register and run the thread
@@ -143,20 +143,20 @@ def can_fetch_from(url):
     return any(url.startswith(prefix) for prefix in resources)
 
 
-def fetch_data(url, out_file, ca_certs=None):
+def fetch_data(url, out_file, ca_certs_path=None):
     """
-    Fetch data from a given URL. If the URL starts with https://, ca_certs can
+    Fetch data from a given URL. If the URL starts with https://, ca_certs_path can
     be a path to PEM file with CA certificate chain to validate server
     certificate.
 
     :param url: URL of the data
     :type url: str
     :param out_file: path to the output file
     :type out_file: str
-    :param ca_certs: path to a PEM file with CA certificate chain
-    :type ca_certs: str
+    :param ca_certs_path: path to a PEM file with CA certificate chain
+    :type ca_certs_path: str
     :raise WrongRequestError: if a wrong combination of arguments is passed
-                              (ca_certs file path given and url starting with
+                              (ca_certs_path file path given and url starting with
                               http://) or arguments don't have required format
     :raise CertificateValidationError: if server certificate validation fails
     :raise FetchError: if data fetching fails (usually due to I/O errors)
@@ -168,14 +168,14 @@ def fetch_data(url, out_file, ca_certs=None):
     utils.ensure_dir_exists(out_dir)
 
     if can_fetch_from(url):
-        _curl_fetch(url, out_file, ca_certs)
+        _curl_fetch(url, out_file, ca_certs_path)
     else:
         msg = "Cannot fetch data from '%s': unknown URL format" % url
         raise UnknownURLformatError(msg)
     log.info(f"Data fetch from {url} completed")
 
 
-def _curl_fetch(url, out_file, ca_certs=None):
+def _curl_fetch(url, out_file, ca_certs_path=None):
     """
     Function that fetches data and writes it out to the given file path. If a
     path to the file with CA certificates is given and the url starts with
@@ -185,11 +185,11 @@ def _curl_fetch(url, out_file, ca_certs=None):
     :type url: str
     :param out_file: path to the output file
     :type out_file: str
-    :param ca_certs: path to the file with CA certificates for server
+    :param ca_certs_path: path to the file with CA certificates for server
                      certificate validation
-    :type ca_certs: str
+    :type ca_certs_path: str
     :raise WrongRequestError: if a wrong combination of arguments is passed
-                              (ca_certs file path given and url starting with
+                              (ca_certs_path file path given and url starting with
                               http://) or arguments don't have required format
     :raise CertificateValidationError: if server certificate validation fails
     :raise FetchError: if data fetching fails (usually due to I/O errors)
@@ -223,18 +223,18 @@ def _curl_fetch(url, out_file, ca_certs=None):
     if not out_file:
         raise WrongRequestError("out_file cannot be an empty string")
 
-    if ca_certs and protocol != "https":
+    if ca_certs_path and protocol != "https":
         msg = "Cannot verify server certificate when using plain HTTP"
         raise WrongRequestError(msg)
 
     curl = pycurl.Curl()
     curl.setopt(pycurl.URL, url)
 
-    if ca_certs and protocol == "https":
+    if ca_certs_path and protocol == "https":
         # the strictest verification
         curl.setopt(pycurl.SSL_VERIFYHOST, 2)
         curl.setopt(pycurl.SSL_VERIFYPEER, 1)
-        curl.setopt(pycurl.CAINFO, ca_certs)
+        curl.setopt(pycurl.CAINFO, ca_certs_path)
 
     # may be turned off by flags (specified on command line, take precedence)
     if not conf.payload.verify_ssl: