openstack/barbican
Code Issues Proposed changes

Merge "Port snakeoil_ca to Python 3"

Browse Source
This commit is contained in:
Jenkins 2016-06-04 05:00:34 +00:00 committed by Gerrit Code Review
commit 8f06bd7c41
3 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
barbican/plugin/snakeoil_ca.py
View File

@ -118,7 +118,7 @@ class SnakeoilCA(object):
def cert(self): def cert(self):
self.ensure_exists() self.ensure_exists()
if self.cert_path: if self.cert_path:
with open(self.cert_path) as cert_fh: with open(self.cert_path, 'rb') as cert_fh:
return crypto.load_certificate(crypto.FILETYPE_PEM, return crypto.load_certificate(crypto.FILETYPE_PEM,
cert_fh.read()) cert_fh.read())
else: else:
@ -127,7 +127,7 @@ class SnakeoilCA(object):
@cert.setter @cert.setter
def cert(self, val): def cert(self, val):
if self.cert_path: if self.cert_path:
with open(self.cert_path, 'w') as cert_fh: with open(self.cert_path, 'wb') as cert_fh:
cert_fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert_fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM,
val)) val))
else: else:
@ -137,7 +137,7 @@ class SnakeoilCA(object):
def key(self): def key(self):
self.ensure_exists() self.ensure_exists()
if self.key_path: if self.key_path:
with open(self.key_path) as key_fh: with open(self.key_path, 'rb') as key_fh:
return crypto.load_privatekey(crypto.FILETYPE_PEM, return crypto.load_privatekey(crypto.FILETYPE_PEM,
key_fh.read()) key_fh.read())
else: else:
@ -146,7 +146,7 @@ class SnakeoilCA(object):
@key.setter @key.setter
def key(self, val): def key(self, val):
if self.key_path: if self.key_path:
with open(self.key_path, 'w') as key_fh: with open(self.key_path, 'wb') as key_fh:
key_fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, val)) key_fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, val))
else: else:
self._key_val = crypto.dump_privatekey(crypto.FILETYPE_PEM, val) self._key_val = crypto.dump_privatekey(crypto.FILETYPE_PEM, val)
@ -155,7 +155,7 @@ class SnakeoilCA(object):
def chain(self): def chain(self):
self.ensure_exists() self.ensure_exists()
if self.chain_path: if self.chain_path:
with open(self.chain_path) as chain_fh: with open(self.chain_path, 'rb') as chain_fh:
return chain_fh.read() return chain_fh.read()
else: else:
return self._chain_val return self._chain_val
@ -163,7 +163,7 @@ class SnakeoilCA(object):
@chain.setter @chain.setter
def chain(self, val): def chain(self, val):
if self.chain_path: if self.chain_path:
with open(self.chain_path, 'w') as chain_fh: with open(self.chain_path, 'wb') as chain_fh:
chain_fh.write(val) chain_fh.write(val)
else: else:
self._chain_val = val self._chain_val = val
@ -172,7 +172,7 @@ class SnakeoilCA(object):
def pkcs7(self): def pkcs7(self):
self.ensure_exists() self.ensure_exists()
if self.pkcs7_path: if self.pkcs7_path:
with open(self.pkcs7_path) as pkcs7_fh: with open(self.pkcs7_path, 'rb') as pkcs7_fh:
return pkcs7_fh.read() return pkcs7_fh.read()
else: else:
return self._pkcs7_val return self._pkcs7_val
@ -180,7 +180,7 @@ class SnakeoilCA(object):
@pkcs7.setter @pkcs7.setter
def pkcs7(self, val): def pkcs7(self, val):
if self.pkcs7_path: if self.pkcs7_path:
with open(self.pkcs7_path, 'w') as pkcs7_fh: with open(self.pkcs7_path, 'wb') as pkcs7_fh:
pkcs7_fh.write(val) pkcs7_fh.write(val)
else: else:
self._pkcs7_val = val self._pkcs7_val = val
@ -243,9 +243,9 @@ class SnakeoilCA(object):
LOG.debug('Snakeoil CA cert/key generated') LOG.debug('Snakeoil CA cert/key generated')
chain = "" chain = b''
if self.parent_chain_path: if self.parent_chain_path:
with open(self.parent_chain_path) as fh: with open(self.parent_chain_path, 'rb') as fh:
chain = fh.read() chain = fh.read()
chain += crypto.dump_certificate(crypto.FILETYPE_PEM, cert) chain += crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
@ -262,7 +262,7 @@ class SnakeoilCA(object):
subprocess.call(['/usr/bin/openssl', 'crl2pkcs7', '-nocrl', # nosec subprocess.call(['/usr/bin/openssl', 'crl2pkcs7', '-nocrl', # nosec
'-out', temp_out, '-certfile', temp_in], shell=False) '-out', temp_out, '-certfile', temp_in], shell=False)
with open(temp_out) as pkcs7_fh: with open(temp_out, 'rb') as pkcs7_fh:
pkcs7 = pkcs7_fh.read() pkcs7 = pkcs7_fh.read()
os.remove(temp_in) os.remove(temp_in)

12
barbican/tests/plugin/test_snakeoil_ca.py
View File

@ -153,7 +153,7 @@ class CertManagerTestCase(BaseTestCase):
der_sig = asn1.DerObject() der_sig = asn1.DerObject()
der_sig.decode(der[2]) der_sig.decode(der[2])
sig = der_sig.payload sig = der_sig.payload
self.assertIs('\x00', sig[0]) self.assertEqual(b'\x00', sig[:1])
crypto.verify(self.ca.cert, sig[1:], der[0], 'sha256') crypto.verify(self.ca.cert, sig[1:], der[0], 'sha256')
def test_gen_cert_no_file_storage(self): def test_gen_cert_no_file_storage(self):
@ -216,7 +216,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
order_meta, {}, order_meta, {},
self.barbican_meta_dto) self.barbican_meta_dto)
crypto.load_certificate( crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64')) crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_issue_certificate_request_with_ca_id(self): def test_issue_certificate_request_with_ca_id(self):
req = certificate_utils.get_valid_csr_object() req = certificate_utils.get_valid_csr_object()
@ -231,7 +231,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
plugin_meta, plugin_meta,
self.barbican_meta_dto) self.barbican_meta_dto)
crypto.load_certificate( crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64')) crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_issue_raises_with_invalid_ca_id(self): def test_issue_raises_with_invalid_ca_id(self):
req = certificate_utils.get_valid_csr_object() req = certificate_utils.get_valid_csr_object()
@ -267,7 +267,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
order_meta, {}, order_meta, {},
self.barbican_meta_dto) self.barbican_meta_dto)
cert = crypto.load_certificate( cert = crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64')) crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
cert_subj = cert.get_subject() cert_subj = cert.get_subject()
self.assertEqual('US', cert_subj.C) self.assertEqual('US', cert_subj.C)
self.assertEqual('OR', cert_subj.ST) self.assertEqual('OR', cert_subj.ST)
@ -284,7 +284,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
resp = self.plugin.issue_certificate_request( resp = self.plugin.issue_certificate_request(
self.order_id, {}, {}, self.barbican_meta_dto) self.order_id, {}, {}, self.barbican_meta_dto)
crypto.load_certificate( crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64')) crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_no_request_data(self): def test_no_request_data(self):
res = self.plugin.issue_certificate_request( res = self.plugin.issue_certificate_request(
@ -382,7 +382,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
plugin_meta, plugin_meta,
self.barbican_meta_dto) self.barbican_meta_dto)
new_cert = crypto.load_certificate( new_cert = crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64')) crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
signing_cert = crypto.load_certificate( signing_cert = crypto.load_certificate(
crypto.FILETYPE_PEM, subca_dict['ca_signing_certificate']) crypto.FILETYPE_PEM, subca_dict['ca_signing_certificate'])

1
tests-py3-blacklist.txt
View File

@ -8,4 +8,3 @@ barbican.tests.cmd.test_barbican_manage
barbican.tests.cmd.test_db_cleanup barbican.tests.cmd.test_db_cleanup
barbican.tests.common.test_validators barbican.tests.common.test_validators
barbican.tests.plugin.crypto.test_pkcs11 barbican.tests.plugin.crypto.test_pkcs11
barbican.tests.plugin.test_snakeoil_ca