Issue #3108: pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3 - dogtagpki

dogtagpki

#3108 pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3

Closed: fixed 4 years ago by dmoluguw. Opened 4 years ago by redrobot.

pki.crypto.NSSCryptoProvider.import_cert raises a TypeError when attempting to import a pki.cert.CertData object.

File "/usr/lib/python3.7/site-packages/pki/crypto.py", line 200, in import_cert cert_file.write(content) File "/usr/lib64/python3.7/tempfile.py", line 481, in func_wrapper return func(*args, **kwargs) TypeError: a bytes-like object is required, not 'str'

It appears the Issue is that CertData.encoded returns a unicode string in Python 3. i.e. type(CertData.encoded) == str, but the write() function used to write the cert data to a temporary file requires bytes type objects:

https://github.com/dogtagpki/pki/blob/9cf1f8392b30a1c3fccc5fd1c10670f4fea221cf/base/common/python/pki/crypto.py#L192-L199

dmoluguw commented 4 years ago

Hello @redrobot ,

Thank you for filing the bug and pointing us in the right direction. Is it possible to share the steps to reproduce, to help me test before I push the fix?

Metadata Update from @dmoluguw:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None

4 years ago

redrobot commented 4 years ago

Hi @dmoluguw ,

You should be able to reproduce the bug with this short python script:

from pki import cert
from pki import client
from pki import crypto
from pki import kra


conn = client.PKIConnection('https', 'localhost', '8443', 'kra')
provider = crypto.NSSCryptoProvider('/path/to/nss/db/alias', b'NSS_DB_PASSWORD')
kra_client = kra.KRAClient(conn, provider)
transport_cert = kra_client.system_certs.get_transport_cert()
assert type(transport_cert) is cert.CertData
provider.import_cert('KRA Transport Cert', transport_cert, ',,')

dmoluguw commented 4 years ago

I have the PR ready to be reviewed & merged: https://github.com/dogtagpki/pki/pull/262

Update: The PR has been merged

Edited 4 years ago by dmoluguw

dmoluguw commented 4 years ago

Fixed in V10.7.4 which will be released on PyPI and probably won't make it on Fedora

V10.7.4 commit: https://github.com/dogtagpki/pki/commit/4c98ff89cfaeb5e7f0bf1a48455cb725dc8602a9

Edited 4 years ago by dmoluguw

Metadata Update from @dmoluguw:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

dmoluguw commented 4 years ago

The fix is now available via the PyPi update: https://pypi.org/project/dogtag-pki/10.7.4.1/

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3225

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

lowhangingfruit

None

reporter

None

rhbz

None

type

None

version

None

keywords

None

estimate

None

feature

None

origin

None

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

None

proposedmilestone

None

dogtagpki

Source Code

#3108 pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3 Closed: fixed 4 years ago by dmoluguw. Opened 4 years ago by redrobot.

Metadata

#3108 pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3

Closed: fixed 4 years ago by dmoluguw. Opened 4 years ago by redrobot.