#7148 py3: ipa cert-request --principal --database fails with BytesWarning: str() on a bytes instance
Closed: fixed 7 years ago Opened 7 years ago by frenaud.

with freeipa master branch:
configure ipa server with self-signed CA
create a user:

$ kinit admin
$ ipa user-add myuser --first myuser --last myuser

request a certificate for the user:

$ ipa cert-request  --principal myuser --database /tmp/nssdb
/usr/lib/python3.6/site-packages/ipaclient/csrgen.py:464: BytesWarning: str() on a bytes instance
  ['certutil', '-S', '-n', self.nickname, '-s', 'CN=%s' % temp_cn,
Enter Password or Pin for "NSS Certificate DB":

A random seed must be generated that will be used in the
creation of your key.  One of the easiest ways to create a
random seed is to use the timing of keystrokes on a keyboard.

To begin, type keys on the keyboard until this progress meter
is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!


Continue typing until the progress meter is full:

|************************************************************|

Finished.  Press enter to continue:


Generating key.  This may take a few moments...

/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py:135: BytesWarning: str() on a bytes instance
public_key_info=unicode(pubkey_info_b64))
ipa: ERROR: non-public: Error: Incorrect padding
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipalib/backend.py", line 142, in execute
    result = self.Command[_name](*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 801, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/cert.py", line 135, in forward
    public_key_info=unicode(pubkey_info_b64))
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 1202, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 1205, in forward
    return self.execute(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/csrgen.py", line 90, in execute
    public_key_info = base64.b64decode(public_key_info)
  File "/usr/lib64/python3.6/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
ipa: ERROR: an internal error has occurred

Metadata Update from @frenaud:
- Issue assigned to frenaud

7 years ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1057

7 years ago

Metadata Update from @pvoborni:
- Issue priority set to: major
- Issue set to the milestone: FreeIPA 4.6.1

7 years ago

Metadata Update from @tkrizek:
- Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)

7 years ago
  • d00a2c7 py3: fix ipa cert-request --database ...
  • f860d0f csrgen_ffi: pass bytes where "char *" is required
  • 8495683 csrgen: accept public key info as Bytes
  • 72536fd csrgen: update docstring for py3
  • db19ecc parameters: relax type checks
  • 4fe5314 parameters: introduce CertificateSigningRequest
  • eb657e0 Add tests for CertificateSigningRequest
  • c73a180 Remove pkcs10 module contents
  • 3ea9a0d csrgen_ffi: cast the DN value to unsigned char *

Metadata Update from @stlaz:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago

Log in to comment on this ticket.

Metadata