pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #3108. Originally filed by redrobot (@dmend) on 2019-09-18 11:46:58:

Closed at 2019-09-23 15:29:21 as fixed
Assigned to nobody

pki.crypto.NSSCryptoProvider.import_cert raises a TypeError when attempting to import a pki.cert.CertData object.

File "/usr/lib/python3.7/site-packages/pki/crypto.py", line 200, in import_cert cert_file.write(content) File "/usr/lib64/python3.7/tempfile.py", line 481, in func_wrapper return func(*args, **kwargs) TypeError: a bytes-like object is required, not 'str'

It appears the Issue is that CertData.encoded returns a unicode string in Python 3. i.e. type(CertData.encoded) == str, but the write() function used to write the cert data to a temporary file requires bytes type objects:

https://github.com/dogtagpki/pki/blob/9cf1f8392b30a1c3fccc5fd1c10670f4fea221cf/base/common/python/pki/crypto.py#L192-L199

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-19 14:25:02

Hello @dmend ,

Thank you for filing the bug and pointing us in the right direction. Is it possible to share the steps to reproduce, to help me test before I push the fix?

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-19 14:25:03

Metadata Update from @SilleBille:

Custom field component adjusted to None
Custom field feature adjusted to None
Custom field origin adjusted to None
Custom field proposedmilestone adjusted to None
Custom field proposedpriority adjusted to None
Custom field reviewer adjusted to None
Custom field type adjusted to None
Custom field version adjusted to None

pki-bot commented 3 years ago

Comment from redrobot (@dmend) at 2019-09-19 15:46:50

Hi @SilleBille ,

You should be able to reproduce the bug with this short python script:

from pki import cert
from pki import client
from pki import crypto
from pki import kra

conn = client.PKIConnection('https', 'localhost', '8443', 'kra')
provider = crypto.NSSCryptoProvider('/path/to/nss/db/alias', b'NSS_DB_PASSWORD')
kra_client = kra.KRAClient(conn, provider)
transport_cert = kra_client.system_certs.get_transport_cert()
assert type(transport_cert) is cert.CertData
provider.import_cert('KRA Transport Cert', transport_cert, ',,')

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-20 11:04:37

I have the PR ready to be reviewed & merged: https://github.com/dogtagpki/pki/pull/262

Update: The PR has been merged

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-23 15:29:22

Fixed in V10.7.4 which will be released on PyPI and probably won't make it on Fedora

V10.7.4 commit: https://github.com/dogtagpki/pki/commit/4c98ff89cfaeb5e7f0bf1a48455cb725dc8602a9

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-23 15:29:22

Metadata Update from @SilleBille:

Issue close_status updated to: fixed
Issue status updated to: Closed (was: Open)

pki-bot commented 3 years ago

Comment from dmoluguw (@SilleBille) at 2019-09-23 17:12:11

The fix is now available via the PyPi update: https://pypi.org/project/dogtag-pki/10.7.4.1/

pki-bot / pki-issues-final

pki.crypto.NSSCryptoProvider.import_cert is broken in Python 3 #2657