From 6c3cbab1a8e19f085c152a062b753bb2696b8964 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Mon, 10 Mar 2014 15:12:15 -0400
Subject: [PATCH] remove universal_newlines

Need to make sure that binary and text are both handled correctly for cms calls.

Blueprint: compress-tokens

Change-Id: If3ed5f339b53942d4ed6d6b2d9fc4eebd7180b0a
---
 keystoneclient/common/cms.py            | 26 +++++++++++++------------
 keystoneclient/middleware/auth_token.py |  5 +++--
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py
index ea102759f..96f8b61f5 100644
--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -72,11 +72,11 @@ def _check_files_accessible(files):
     return err
 
 
-def _process_communicate_handle_oserror(process, text, files):
+def _process_communicate_handle_oserror(process, data, files):
     """Wrapper around process.communicate that checks for OSError."""
 
     try:
-        output, err = process.communicate(text)
+        output, err = process.communicate(data)
     except OSError as e:
         if e.errno != errno.EPIPE:
             raise
@@ -87,12 +87,14 @@ def _process_communicate_handle_oserror(process, text, files):
         # able to read an input file, so check ourselves if can't read a file.
         err = _check_files_accessible(files)
         if process.stderr:
-            err += process.stderr.read()
-
+            msg = process.stderr.read()
+            err = err + msg.decode('utf-8')
         output = ''
         retcode = -1
     else:
         retcode = process.poll()
+        if err is not None:
+            err = err.decode('utf-8')
 
     return output, err, retcode
 
@@ -104,6 +106,7 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
     :raises: CertificateConfigError if certificate is not configured properly.
     """
     _ensure_subprocess()
+    data = bytearray(formatted, encoding='utf-8')
     process = subprocess.Popen(['openssl', 'cms', '-verify',
                                 '-certfile', signing_cert_file_name,
                                 '-CAfile', ca_file_name,
@@ -112,10 +115,9 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name):
                                 '-nocerts', '-noattr'],
                                stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
-                               stderr=subprocess.PIPE,
-                               universal_newlines=True)
+                               stderr=subprocess.PIPE)
     output, err, retcode = _process_communicate_handle_oserror(
-        process, formatted, (signing_cert_file_name, ca_file_name))
+        process, data, (signing_cert_file_name, ca_file_name))
 
     # Do not log errors, as some happen in the positive thread
     # instead, catch them in the calling code and log them there.
@@ -230,6 +232,7 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
     http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
     """
     _ensure_subprocess()
+    data = bytearray(text, encoding='utf-8')
     process = subprocess.Popen(['openssl', 'cms', '-sign',
                                 '-signer', signing_cert_file_name,
                                 '-inkey', signing_key_file_name,
@@ -238,16 +241,15 @@ def cms_sign_text(text, signing_cert_file_name, signing_key_file_name):
                                 '-nocerts', '-noattr'],
                                stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE,
-                               stderr=subprocess.PIPE,
-                               universal_newlines=True)
+                               stderr=subprocess.PIPE)
 
     output, err, retcode = _process_communicate_handle_oserror(
-        process, text, (signing_cert_file_name, signing_key_file_name))
+        process, data, (signing_cert_file_name, signing_key_file_name))
 
-    if retcode or 'Error' in err:
+    if retcode or ('Error' in err):
         LOG.error('Signing error: %s' % err)
         raise subprocess.CalledProcessError(retcode, 'openssl')
-    return output
+    return output.decode('utf-8')
 
 
 def cms_sign_token(text, signing_cert_file_name, signing_key_file_name):
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 702015ff2..d92610fb7 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -1204,8 +1204,9 @@ class AuthProtocol(object):
         """
         def verify():
             try:
-                return cms.cms_verify(data, self.signing_cert_file_name,
-                                      self.signing_ca_file_name)
+                return cms.cms_verify(
+                    data, self.signing_cert_file_name,
+                    self.signing_ca_file_name).decode('utf-8')
             except cms.subprocess.CalledProcessError as err:
                 self.LOG.warning('Verify error: %s', err)
                 raise