pki.crypto.NSSCryptoProvider.import_cert raises a TypeError when attempting to import a pki.cert.CertData object.
File "/usr/lib/python3.7/site-packages/pki/crypto.py", line 200, in import_cert cert_file.write(content) File "/usr/lib64/python3.7/tempfile.py", line 481, in func_wrapper return func(*args, **kwargs) TypeError: a bytes-like object is required, not 'str'
It appears the Issue is that CertData.encoded returns a unicode string in Python 3. i.e. type(CertData.encoded) == str, but the write() function used to write the cert data to a temporary file requires bytes type objects:
type(CertData.encoded) == str
write()
bytes
https://github.com/dogtagpki/pki/blob/9cf1f8392b30a1c3fccc5fd1c10670f4fea221cf/base/common/python/pki/crypto.py#L192-L199
Hello @redrobot ,
Thank you for filing the bug and pointing us in the right direction. Is it possible to share the steps to reproduce, to help me test before I push the fix?
Metadata Update from @dmoluguw: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
Hi @dmoluguw ,
You should be able to reproduce the bug with this short python script:
from pki import cert from pki import client from pki import crypto from pki import kra conn = client.PKIConnection('https', 'localhost', '8443', 'kra') provider = crypto.NSSCryptoProvider('/path/to/nss/db/alias', b'NSS_DB_PASSWORD') kra_client = kra.KRAClient(conn, provider) transport_cert = kra_client.system_certs.get_transport_cert() assert type(transport_cert) is cert.CertData provider.import_cert('KRA Transport Cert', transport_cert, ',,')
I have the PR ready to be reviewed & merged: https://github.com/dogtagpki/pki/pull/262
Update: The PR has been merged
Fixed in V10.7.4 which will be released on PyPI and probably won't make it on Fedora
V10.7.4 commit: https://github.com/dogtagpki/pki/commit/4c98ff89cfaeb5e7f0bf1a48455cb725dc8602a9
Metadata Update from @dmoluguw: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
The fix is now available via the PyPi update: https://pypi.org/project/dogtag-pki/10.7.4.1/
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3225
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.