From fbe084db096f94870b4491757f15564304b5cc45 Mon Sep 17 00:00:00 2001 From: Victor Stinner Date: Wed, 4 May 2016 15:35:25 +0200 Subject: [PATCH] Port snakeoil_ca to Python 3 * Open files in binary mode: "rb" or "wb" mode * Replace bytes.decode('base64') with base64.b64decode(bytes) * Remove test_snakeoil_ca from tests-py3-blacklist.txt to run it Partially implements: blueprint barbican-py3 Change-Id: Ib4ec41c280bf48e6c425b0a6161d2591997f0d28 --- barbican/plugin/snakeoil_ca.py | 22 +++++++++++----------- barbican/tests/plugin/test_snakeoil_ca.py | 12 ++++++------ tests-py3-blacklist.txt | 1 - 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/barbican/plugin/snakeoil_ca.py b/barbican/plugin/snakeoil_ca.py index 70f1628b7..34dd66ed8 100644 --- a/barbican/plugin/snakeoil_ca.py +++ b/barbican/plugin/snakeoil_ca.py @@ -118,7 +118,7 @@ class SnakeoilCA(object): def cert(self): self.ensure_exists() if self.cert_path: - with open(self.cert_path) as cert_fh: + with open(self.cert_path, 'rb') as cert_fh: return crypto.load_certificate(crypto.FILETYPE_PEM, cert_fh.read()) else: @@ -127,7 +127,7 @@ class SnakeoilCA(object): @cert.setter def cert(self, val): if self.cert_path: - with open(self.cert_path, 'w') as cert_fh: + with open(self.cert_path, 'wb') as cert_fh: cert_fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM, val)) else: @@ -137,7 +137,7 @@ class SnakeoilCA(object): def key(self): self.ensure_exists() if self.key_path: - with open(self.key_path) as key_fh: + with open(self.key_path, 'rb') as key_fh: return crypto.load_privatekey(crypto.FILETYPE_PEM, key_fh.read()) else: @@ -146,7 +146,7 @@ class SnakeoilCA(object): @key.setter def key(self, val): if self.key_path: - with open(self.key_path, 'w') as key_fh: + with open(self.key_path, 'wb') as key_fh: key_fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, val)) else: self._key_val = crypto.dump_privatekey(crypto.FILETYPE_PEM, val) @@ -155,7 +155,7 @@ class SnakeoilCA(object): def chain(self): self.ensure_exists() if self.chain_path: - with open(self.chain_path) as chain_fh: + with open(self.chain_path, 'rb') as chain_fh: return chain_fh.read() else: return self._chain_val @@ -163,7 +163,7 @@ class SnakeoilCA(object): @chain.setter def chain(self, val): if self.chain_path: - with open(self.chain_path, 'w') as chain_fh: + with open(self.chain_path, 'wb') as chain_fh: chain_fh.write(val) else: self._chain_val = val @@ -172,7 +172,7 @@ class SnakeoilCA(object): def pkcs7(self): self.ensure_exists() if self.pkcs7_path: - with open(self.pkcs7_path) as pkcs7_fh: + with open(self.pkcs7_path, 'rb') as pkcs7_fh: return pkcs7_fh.read() else: return self._pkcs7_val @@ -180,7 +180,7 @@ class SnakeoilCA(object): @pkcs7.setter def pkcs7(self, val): if self.pkcs7_path: - with open(self.pkcs7_path, 'w') as pkcs7_fh: + with open(self.pkcs7_path, 'wb') as pkcs7_fh: pkcs7_fh.write(val) else: self._pkcs7_val = val @@ -243,9 +243,9 @@ class SnakeoilCA(object): LOG.debug('Snakeoil CA cert/key generated') - chain = "" + chain = b'' if self.parent_chain_path: - with open(self.parent_chain_path) as fh: + with open(self.parent_chain_path, 'rb') as fh: chain = fh.read() chain += crypto.dump_certificate(crypto.FILETYPE_PEM, cert) @@ -262,7 +262,7 @@ class SnakeoilCA(object): subprocess.call(['/usr/bin/openssl', 'crl2pkcs7', '-nocrl', # nosec '-out', temp_out, '-certfile', temp_in], shell=False) - with open(temp_out) as pkcs7_fh: + with open(temp_out, 'rb') as pkcs7_fh: pkcs7 = pkcs7_fh.read() os.remove(temp_in) diff --git a/barbican/tests/plugin/test_snakeoil_ca.py b/barbican/tests/plugin/test_snakeoil_ca.py index a429fd29e..834d81c4e 100644 --- a/barbican/tests/plugin/test_snakeoil_ca.py +++ b/barbican/tests/plugin/test_snakeoil_ca.py @@ -153,7 +153,7 @@ class CertManagerTestCase(BaseTestCase): der_sig = asn1.DerObject() der_sig.decode(der[2]) sig = der_sig.payload - self.assertIs('\x00', sig[0]) + self.assertEqual(b'\x00', sig[:1]) crypto.verify(self.ca.cert, sig[1:], der[0], 'sha256') def test_gen_cert_no_file_storage(self): @@ -216,7 +216,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase): order_meta, {}, self.barbican_meta_dto) crypto.load_certificate( - crypto.FILETYPE_PEM, resp.certificate.decode('base64')) + crypto.FILETYPE_PEM, base64.b64decode(resp.certificate)) def test_issue_certificate_request_with_ca_id(self): req = certificate_utils.get_valid_csr_object() @@ -231,7 +231,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase): plugin_meta, self.barbican_meta_dto) crypto.load_certificate( - crypto.FILETYPE_PEM, resp.certificate.decode('base64')) + crypto.FILETYPE_PEM, base64.b64decode(resp.certificate)) def test_issue_raises_with_invalid_ca_id(self): req = certificate_utils.get_valid_csr_object() @@ -267,7 +267,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase): order_meta, {}, self.barbican_meta_dto) cert = crypto.load_certificate( - crypto.FILETYPE_PEM, resp.certificate.decode('base64')) + crypto.FILETYPE_PEM, base64.b64decode(resp.certificate)) cert_subj = cert.get_subject() self.assertEqual('US', cert_subj.C) self.assertEqual('OR', cert_subj.ST) @@ -284,7 +284,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase): resp = self.plugin.issue_certificate_request( self.order_id, {}, {}, self.barbican_meta_dto) crypto.load_certificate( - crypto.FILETYPE_PEM, resp.certificate.decode('base64')) + crypto.FILETYPE_PEM, base64.b64decode(resp.certificate)) def test_no_request_data(self): res = self.plugin.issue_certificate_request( @@ -382,7 +382,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase): plugin_meta, self.barbican_meta_dto) new_cert = crypto.load_certificate( - crypto.FILETYPE_PEM, resp.certificate.decode('base64')) + crypto.FILETYPE_PEM, base64.b64decode(resp.certificate)) signing_cert = crypto.load_certificate( crypto.FILETYPE_PEM, subca_dict['ca_signing_certificate']) diff --git a/tests-py3-blacklist.txt b/tests-py3-blacklist.txt index dcef1ceaf..75ca911a7 100644 --- a/tests-py3-blacklist.txt +++ b/tests-py3-blacklist.txt @@ -8,4 +8,3 @@ barbican.tests.cmd.test_barbican_manage barbican.tests.cmd.test_db_cleanup barbican.tests.common.test_validators barbican.tests.plugin.crypto.test_pkcs11 -barbican.tests.plugin.test_snakeoil_ca