From 081ec8de6850cee5006922c9c14b279023ce2636 Mon Sep 17 00:00:00 2001
From: Samir Faci <samir@es.net>
Date: Mon, 27 Sep 2021 12:06:05 -0400
Subject: [PATCH] Updating postgres image to 12 to match image used for
 testing.

ChangeLog:
  - Upgrade docker DB image.
  - Upgrade psycopg2 version.
---
 config/opennsa.conf.template            |  1 -
 docker-compose.override.yml_placeholder |  2 +-
 docker-compose.yml                      |  2 +-
 docker/Dockerfile                       | 22 +++++-----------------
 opennsa/opennsaTlsContext.py            |  9 ++++++---
 requirements.txt                        | 12 ++++++------
 6 files changed, 19 insertions(+), 29 deletions(-)

diff --git a/config/opennsa.conf.template b/config/opennsa.conf.template
index 71c739b2..29403a8d 100644
--- a/config/opennsa.conf.template
+++ b/config/opennsa.conf.template
@@ -16,4 +16,3 @@ tls=${TLS_ENABLED}
 
 [dud:topology]
 nrmmap=${NRM_FILE}
-
diff --git a/docker-compose.override.yml_placeholder b/docker-compose.override.yml_placeholder
index b45c9fef..7dea08ce 100644
--- a/docker-compose.override.yml_placeholder
+++ b/docker-compose.override.yml_placeholder
@@ -15,7 +15,7 @@ services:
     #volumes:
     #  - ./config/myNRMFile.nrm:/home/opennsa/opennsa/config/opennsa.nrm
   db:
-    image: postgres:9.6.5
+    image: postgres:12
     ##Expose 5432 locally 
     ports:
       - 5432:5432
diff --git a/docker-compose.yml b/docker-compose.yml
index 7b608072..b370e4a4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.7"
 
 services:
   db:
-    image: postgres:9.6.5
+    image: postgres:12
     expose:
       - 5432
     volumes:
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 51ee9562..446748af 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -5,7 +5,6 @@ FROM debian:stable-slim
 LABEL maintainer="Henrik Thostrup Jensen <htj@nordu.net>"
 
 # -- Environment --
-ENV GIT_REPO https://github.com/NORDUnet/opennsa
 ENV USER opennsa
 
 
@@ -19,26 +18,15 @@ ADD . /home/$USER/opennsa/
 # pyasn1 and crypto is needed for ssh backends
 RUN apt update \
    && apt install -y \
-   git-core \
+   libpq-dev \
    python3 \
-   python3-twisted-bin \
-   python3-openssl \
-   python3-psycopg2 \
    python3-pip \
-   python3-cryptography \
-   python3-dateutil \
-   && pip3 install \
-   twistar \
-   service-identity \
-   pyasn1 \
-   # -- Instal OpenNSA --
-   # && echo git clone $GIT_REPO \
-   # && su - $USER -c "git clone $GIT_REPO" \
-   ## Unsure why but this needs to be pulled away from the main apt install
+   netcat \
+   iputils-ping \
+   && pip3 install -r /home/$USER/opennsa/requirements.txt \
    && chown $USER:$USER -R /home/opennsa/opennsa \
-   && apt install -y netcat iputils-ping \
    # -- Cleanup --
-   && apt remove -y git-core python3-pip  \
+   && apt remove -y python3-pip  \
    && apt autoremove -y \
    && rm -rf /var/lib/apt/lists/* \
    && cp /home/$USER/opennsa/docker/run_opennsa.sh /home/$USER/opennsa \
diff --git a/opennsa/opennsaTlsContext.py b/opennsa/opennsaTlsContext.py
index 6f981257..c13e5beb 100755
--- a/opennsa/opennsaTlsContext.py
+++ b/opennsa/opennsaTlsContext.py
@@ -44,11 +44,14 @@ class opennsaTlsContext:
             try:
                 CACertificates.append(ssl.Certificate.loadPEM(CAFileContent))
             except crypto.Error as error:
-                log.msg('Cannot load CA certificate from %s: %s' % (CAFilename, error), system = LOG_SYSTEM)
+                log.msg(f'Cannot load CA certificate from {CAFilename}: {error}', system=LOG_SYSTEM)
             else:
-                log.msg('Loaded CA certificate %s' % (str(CACertificates[-1].getSubject())), system = LOG_SYSTEM)
+                try:
+                    log.msg(f'Loaded CA certificate {CACertificates[-1].getSubject()}', system=LOG_SYSTEM)
+                except:
+                    log.msg("Failed to serialize Certificate Subject")
         if len(CACertificates) == 0:
-            print('No certificiates loaded for CTX verificiation. CA verification will not work.')
+            print('No certificates loaded for CTX verification. CA verification will not work.')
         return ssl.trustRootFromCertificates(CACertificates)
 
     def getTrustRoot(self):
diff --git a/requirements.txt b/requirements.txt
index 336060f6..a677a0ae 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,9 @@
-#twisted>=19.7.0
 twisted>=21.2.0
 twistar>=2.0
-#psycopg2>=2.7,<2.8 --no-binary psycopg2
-psycopg2
+psycopg2>=2.9,<2.10 --no-binary psycopg2
 pyOpenSSL>=17.5.0
-python-dateutil
-service_identity
-idna
\ No newline at end of file
+python-dotenv>=0.19.0
+cryptography>=3.4.8
+python-dateutil>=2.8,<2.9
+service-identity>=21.1.0,<22.0.0
+idna>=3.2,<3.3
-- 
GitLab