pki-bot / pki-issues-final


External CA fails in step 2: Object of type 'bytes' is not JSON serializable #2557

Closed pki-bot closed 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #3008. Originally filed by cheimes (@tiran) on 2018-04-30 09:56:22:


With 3005 and 3007 fixed, I'm running into another Python 3-related issue in external CA installation:

2018-04-30 15:52:07 pkispawn    : INFO     ....... BtoA /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin /root/.dogtag/pki-tomcat/ca/alias/admin_pkcs10.bin.asc
2018-04-30 15:52:07 pkispawn    : INFO     ....... loading caSigningCert External CA certificate
2018-04-30 15:52:07 pki.nssdb   : DEBUG    Command: certutil -L -d /var/lib/pki/pki-tomcat/alias -f /tmp/tmptv77qn7u/password.txt -n caSigningCert External CA -a
2018-04-30 15:52:07 pkispawn    : DEBUG    ....... Error Type: TypeError
2018-04-30 15:52:07 pkispawn    : DEBUG    ....... Error Message: Object of type 'bytes' is not JSON serializable
2018-04-30 15:52:07 pkispawn    : DEBUG    .......   File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 534, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python3.6/site-packages/pki/server/deployment/scriptlets/configuration.py", line 1038, in spawn
    json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
  File "/usr/lib64/python3.6/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
  File "/usr/lib64/python3.6/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib64/python3.6/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/usr/lib/python3.6/site-packages/pki/encoder.py", line 92, in default
    return json.JSONEncoder.default(self, o)
  File "/usr/lib64/python3.6/json/encoder.py", line 180, in default
    o.__class__.__name__)

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2018-04-30 10:43:42

dump of data attribute

(Pdb) pp vars(data)
{'adminCertRequest': 'MIICjTC...',
 'adminCertRequestType': 'pkcs10',
 'adminEmail': 'root@localhost',
 'adminName': 'admin',
 'adminPassword': '...',
 'adminProfileID': 'caAdminCert',
 'adminSubjectDN': 'cn=ipa-ca-agent,O=IPA.EXAMPLE',
 'adminUID': 'admin',
 'backupFile': '/etc/pki/pki-tomcat/alias/ca_backup_keys.p12',
 'backupKeys': 'true',
 'backupPassword': '...',
 'baseDN': 'o=ipaca',
 'bindDN': 'cn=Directory Manager',
 'bindpwd': '...',
 'createNewDB': 'true',
 'createSigningCertRecord': 'true',
 'database': 'ipaca',
 'dsHost': 'master.ipa.example',
 'dsPort': '389',
 'external': True,
 'generateServerCert': 'true',
 'generateSubsystemCert': 'true',
 'hierarchy': 'join',
 'importAdminCert': 'false',
 'isClone': 'false',
 'issuingCA': 'External CA',
 'pin': 'sBvvU28w4rhDnmXdshN0',
 'removeData': 'true',
 'replicationPassword': '',
 'secureConn': 'false',
 'securityDomainName': 'IPA',
 'securityDomainType': 'newdomain',
 'sharedDB': 'false',
 'signingCertSerialNumber': '1',
 'standAlone': False,
 'startingCRLNumber': '0',
 'subsystemName': 'CA master.ipa.example 8443',
 'systemCerts': [<pki.system.SystemCertData object at 0x7fbf211f0d68>,
                 <pki.system.SystemCertData object at 0x7fbf2117e860>,
                 <pki.system.SystemCertData object at 0x7fbf2117e6a0>,
                 <pki.system.SystemCertData object at 0x7fbf2117e438>,
                 <pki.system.SystemCertData object at 0x7fbf2117e518>],
 'systemCertsImported': False,
 'token': 'Internal Key Storage Token'}

dump of pki.system.SystemCertData object

(Pdb) pp vars(data.systemCerts[0])
{'cert': b'-----BEGIN CERTIFICATE-----\nMIIDHzCCAg...',
 'keyAlgorithm': 'SHA256withRSA',
 'keySize': '2048',
 'keyType': 'rsa',
 'nickname': 'caSigningCert cert-pki-ca',
 'signingAlgorithm': 'SHA256withRSA',
 'subjectDN': 'CN=Certificate '
              'Authority,O=IPA.EXAMPLE',
 'tag': 'signing',
 'token': 'Internal Key Storage Token'}

As you can see, the cert attribute is bytes. Looks like the JSON encoder is unable to handle that case.
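
An added example, not part of the original comment and not the project's fix: it reproduces the failure reported above with a bytes `cert` field and shows one way an encoder can accept PEM bytes while still rejecting binary data. `SystemCertData` here is a hypothetical stand-in, `AttrEncoder` and `BytesAwareEncoder` are assumed names, and the certificate is a constructed placeholder.

```python
import json

# Constructed sample: PEM armor around placeholder base64, not a real certificate.
PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"

class SystemCertData:
    """Hypothetical stand-in for pki.system.SystemCertData."""
    def __init__(self, tag, nickname, cert):
        self.tag, self.nickname, self.cert = tag, nickname, cert

class AttrEncoder(json.JSONEncoder):
    """Assumed simplification of a custom encoder: objects become vars(o)."""
    def default(self, o):
        if hasattr(o, "__dict__"):
            return vars(o)
        return super().default(o)  # bytes end up here and raise TypeError

class BytesAwareEncoder(AttrEncoder):
    """Also accepts bytes, but only pure ASCII (PEM is; raw DER is not)."""
    def default(self, o):
        if isinstance(o, (bytes, bytearray)):
            # Strict decode: binary input raises instead of being silently mangled.
            return bytes(o).decode("ascii")
        return super().default(o)

def sample():
    """Build a constructed payload shaped like the dump in the comment above."""
    cert = SystemCertData("signing", "caSigningCert cert-pki-ca", PEM)
    return {"issuingCA": "External CA", "systemCerts": [cert]}

def reproduce():
    """Return the TypeError text from the bytes-unaware encoder."""
    try:
        json.dumps(sample(), cls=AttrEncoder)
    except TypeError as exc:
        return str(exc)
    return None

def encode_and_parse(data, encoder=BytesAwareEncoder):
    """Serialize with the given encoder and parse the result back."""
    return json.loads(json.dumps(data, cls=encoder))

if __name__ == "__main__":
    print(reproduce())
    print(encode_and_parse(sample())["systemCerts"][0]["cert"])
```

The strict ASCII decode is deliberate: a DER-encoded certificate passed by mistake fails loudly with `UnicodeDecodeError` rather than producing a corrupted string in the request body.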

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2018-04-30 10:43:42

Metadata Update from @tiran:

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2018-04-30 11:36:47

https://review.gerrithub.io/#/c/dogtagpki/pki/+/409517

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2018-04-30 11:36:51

Metadata Update from @tiran:

pki-bot commented 4 years ago

Comment from cheimes (@tiran) at 2018-05-02 10:31:14

Metadata Update from @tiran: