openstack/barbican
Code Issues Proposed changes

Port snakeoil_ca to Python 3

Browse Source 
* Open files in binary mode: "rb" or "wb" mode
* Replace bytes.decode('base64') with base64.b64decode(bytes)
* Remove test_snakeoil_ca from tests-py3-blacklist.txt to run it

Partially implements: blueprint barbican-py3
Change-Id: Ib4ec41c280bf48e6c425b0a6161d2591997f0d28
This commit is contained in:
Victor Stinner 2016-05-04 15:35:25 +02:00
parent 0326a260f4
commit fbe084db09
3 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
barbican/plugin/snakeoil_ca.py
View File

@ -118,7 +118,7 @@ class SnakeoilCA(object):
def cert(self):
self.ensure_exists()
if self.cert_path:
with open(self.cert_path) as cert_fh:
with open(self.cert_path, 'rb') as cert_fh:
return crypto.load_certificate(crypto.FILETYPE_PEM,
cert_fh.read())
else:
@ -127,7 +127,7 @@ class SnakeoilCA(object):
@cert.setter
def cert(self, val):
if self.cert_path:
with open(self.cert_path, 'w') as cert_fh:
with open(self.cert_path, 'wb') as cert_fh:
cert_fh.write(crypto.dump_certificate(crypto.FILETYPE_PEM,
val))
else:
@ -137,7 +137,7 @@ class SnakeoilCA(object):
def key(self):
self.ensure_exists()
if self.key_path:
with open(self.key_path) as key_fh:
with open(self.key_path, 'rb') as key_fh:
return crypto.load_privatekey(crypto.FILETYPE_PEM,
key_fh.read())
else:
@ -146,7 +146,7 @@ class SnakeoilCA(object):
@key.setter
def key(self, val):
if self.key_path:
with open(self.key_path, 'w') as key_fh:
with open(self.key_path, 'wb') as key_fh:
key_fh.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, val))
else:
self._key_val = crypto.dump_privatekey(crypto.FILETYPE_PEM, val)
@ -155,7 +155,7 @@ class SnakeoilCA(object):
def chain(self):
self.ensure_exists()
if self.chain_path:
with open(self.chain_path) as chain_fh:
with open(self.chain_path, 'rb') as chain_fh:
return chain_fh.read()
else:
return self._chain_val
@ -163,7 +163,7 @@ class SnakeoilCA(object):
@chain.setter
def chain(self, val):
if self.chain_path:
with open(self.chain_path, 'w') as chain_fh:
with open(self.chain_path, 'wb') as chain_fh:
chain_fh.write(val)
else:
self._chain_val = val
@ -172,7 +172,7 @@ class SnakeoilCA(object):
def pkcs7(self):
self.ensure_exists()
if self.pkcs7_path:
with open(self.pkcs7_path) as pkcs7_fh:
with open(self.pkcs7_path, 'rb') as pkcs7_fh:
return pkcs7_fh.read()
else:
return self._pkcs7_val
@ -180,7 +180,7 @@ class SnakeoilCA(object):
@pkcs7.setter
def pkcs7(self, val):
if self.pkcs7_path:
with open(self.pkcs7_path, 'w') as pkcs7_fh:
with open(self.pkcs7_path, 'wb') as pkcs7_fh:
pkcs7_fh.write(val)
else:
self._pkcs7_val = val
@ -243,9 +243,9 @@ class SnakeoilCA(object):
LOG.debug('Snakeoil CA cert/key generated')
chain = ""
chain = b''
if self.parent_chain_path:
with open(self.parent_chain_path) as fh:
with open(self.parent_chain_path, 'rb') as fh:
chain = fh.read()
chain += crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
@ -262,7 +262,7 @@ class SnakeoilCA(object):
subprocess.call(['/usr/bin/openssl', 'crl2pkcs7', '-nocrl', # nosec
'-out', temp_out, '-certfile', temp_in], shell=False)
with open(temp_out) as pkcs7_fh:
with open(temp_out, 'rb') as pkcs7_fh:
pkcs7 = pkcs7_fh.read()
os.remove(temp_in)

12
barbican/tests/plugin/test_snakeoil_ca.py
View File

@ -153,7 +153,7 @@ class CertManagerTestCase(BaseTestCase):
der_sig = asn1.DerObject()
der_sig.decode(der[2])
sig = der_sig.payload
self.assertIs('\x00', sig[0])
self.assertEqual(b'\x00', sig[:1])
crypto.verify(self.ca.cert, sig[1:], der[0], 'sha256')
def test_gen_cert_no_file_storage(self):
@ -216,7 +216,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
order_meta, {},
self.barbican_meta_dto)
crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64'))
crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_issue_certificate_request_with_ca_id(self):
req = certificate_utils.get_valid_csr_object()
@ -231,7 +231,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
plugin_meta,
self.barbican_meta_dto)
crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64'))
crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_issue_raises_with_invalid_ca_id(self):
req = certificate_utils.get_valid_csr_object()
@ -267,7 +267,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
order_meta, {},
self.barbican_meta_dto)
cert = crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64'))
crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
cert_subj = cert.get_subject()
self.assertEqual('US', cert_subj.C)
self.assertEqual('OR', cert_subj.ST)
@ -284,7 +284,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
resp = self.plugin.issue_certificate_request(
self.order_id, {}, {}, self.barbican_meta_dto)
crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64'))
crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
def test_no_request_data(self):
res = self.plugin.issue_certificate_request(
@ -382,7 +382,7 @@ class SnakeoilCAPluginTestCase(BaseTestCase):
plugin_meta,
self.barbican_meta_dto)
new_cert = crypto.load_certificate(
crypto.FILETYPE_PEM, resp.certificate.decode('base64'))
crypto.FILETYPE_PEM, base64.b64decode(resp.certificate))
signing_cert = crypto.load_certificate(
crypto.FILETYPE_PEM, subca_dict['ca_signing_certificate'])

1
tests-py3-blacklist.txt
View File

@ -8,4 +8,3 @@ barbican.tests.cmd.test_barbican_manage
barbican.tests.cmd.test_db_cleanup
barbican.tests.common.test_validators
barbican.tests.plugin.crypto.test_pkcs11
barbican.tests.plugin.test_snakeoil_ca