#7520 ipa certmap-match throwing "ipa: ERROR: an internal error has occurred"
Closed: fixed 5 years ago Opened 5 years ago by mreznik.

Command "ipa certmap-match <crt.pem>" throwing "ipa: ERROR: an internal error has occurred"

Steps to Reproduce

  1. Install ipa-server master bits on F28.
  2. Run "ipa certmap-match" against some certificate.

Actual behavior

[root@master ~]# ipa certmap-match cert.pem
ipa: ERROR: non-public: TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/ipalib/backend.py", line 141, in execute
    return self.Command[_name](*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
    return self.__do_call(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
    ret = self.run(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 801, in run
    return self.forward(*args, **options)
  File "/usr/lib/python3.6/site-packages/ipaclient/plugins/certmap.py", line 43, in forward
    args = [x509.load_unknown_x509_certificate(args[0])]
  File "/usr/lib/python3.6/site-packages/ipalib/x509.py", line 419, in load_unknown_x509_certificate
    return load_pem_x509_certificate(data)
  File "/usr/lib/python3.6/site-packages/ipalib/x509.py", line 394, in load_pem_x509_certificate
    crypto_x509.load_pem_x509_certificate(data, backend=default_backend())
  File "/usr/lib64/python3.6/site-packages/cryptography/x509/base.py", line 43, in load_pem_x509_certificate
    return backend.load_pem_x509_certificate(data)
  File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1132, in load_pem_x509_certificate
    mem_bio = self._bytes_to_bio(data)
  File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 436, in _bytes_to_bio
    data_char_p = self._ffi.new("char[]", data)
TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str
ipa: ERROR: an internal error has occurred

Expected behavior

Command works and shows users matching the provided certificate.

Version/Release/Distribution

[root@master ~]# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.6.90.pre1.dev201804270736+git994f71ac8-0.fc28.x86_64
freeipa-client-4.6.90.pre1.dev201804270736+git994f71ac8-0.fc28.x86_64
389-ds-base-1.4.0.8-1.fc28.x86_64
pki-ca-10.6.0-1.fc28.noarch
krb5-server-1.16-24.fc28.x86_64

Cert data must be bytes, even for PEM-encoded ASCII data.

Other commands are affected, too:

# ipa cert_find --file=/etc/ipa/ca.crt 
ipa: ERROR: non-public: TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str

Metadata Update from @cheimes:
- Issue assigned to cheimes

5 years ago

Metadata Update from @cheimes:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1867

5 years ago

Metadata Update from @cheimes:
- Issue tagged with: py3

5 years ago

TODO: add tests for cert APIs by calling the actual ipa client command.

  • ipa cert-find --cert $CERT
  • ipa certmap-match --cert $CERT
  • ipa certmap-match $CERT

Metadata Update from @cheimes:
- Issue tagged with: tests

5 years ago

Metadata Update from @cheimes:
- Issue priority set to: important
- Issue set to the milestone: FreeIPA 4.6.4

5 years ago

master:

  • c925b44 Load certificate files as binary data

ipa-4-6:

  • 6f7ef53 Load certificate files as binary data

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago
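
The failure in the traceback and the binary-mode loading named in the fix commits, as an added stdlib-only example (not FreeIPA's code). `cert_to_der`, `load_cert_file` and `demo` are hypothetical names, and the DER bytes are a constructed placeholder, not a real certificate.

```python
import base64
import os
import re
import tempfile

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def cert_to_der(data):
    """Return DER bytes for PEM or DER input; refuse str outright."""
    if not isinstance(data, (bytes, bytearray)):
        raise TypeError("certificate data must be bytes, not %s" % type(data).__name__)
    match = PEM_RE.search(data)
    if match:
        body = b"".join(match.group(1).split())  # drop line breaks
        # Invalid base64 raises binascii.Error, a ValueError subclass.
        return base64.b64decode(body, validate=True)
    if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
        return bytes(data)
    raise ValueError("neither PEM nor DER certificate data")

def load_cert_file(path):
    """Read a certificate file in binary mode, whatever its encoding."""
    with open(path, "rb") as handle:
        return cert_to_der(handle.read())

def demo():
    # Constructed placeholder: SEQUENCE { INTEGER 1 }, not a real certificate.
    der = bytes.fromhex("3003020101")
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
           + b"-----END CERTIFICATE-----\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cert.pem")
        with open(path, "wb") as handle:
            handle.write(pem)
        loaded = load_cert_file(path)      # binary read: bytes in, DER out
        with open(path) as handle:         # text mode yields str
            text = handle.read()
    try:
        cert_to_der(text)
        rejected = False
    except TypeError:
        rejected = True
    return loaded == der, rejected

if __name__ == "__main__":
    print(demo())
```

Rejecting `str` at the boundary gives the caller a clear error instead of a `TypeError` raised deep inside the parsing backend.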
