
Commit 223bb4f

author
Nicole Thomas
authored
Merge pull request saltstack#46723 from garethgreenaway/46716_salt_states_x509_error_on_py3
[2018.3.0rc1] fixes to x509 module and state for PY3
2 parents 6e7565f + 042930b commit 223bb4f

3 files changed

Lines changed: 26 additions & 15 deletions


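--- a/salt/modules/x509.py
+++ b/salt/modules/x509.py
@@ -20,6 +20,7 @@
 import re
 import datetime
 import ast
+import sys
 
 # Import salt libs
 import salt.utils.files
@@ -132,8 +133,8 @@ def _new_extension(name, value, critical=0, issuer=None, _pyfree=1):
 'value must be precomputed hash')
 
 # ensure name and value are bytes
-name = salt.utils.stringutils.to_bytes(name)
-value = salt.utils.stringutils.to_bytes(value)
+name = salt.utils.stringutils.to_str(name)
+value = salt.utils.stringutils.to_str(value)
 
 try:
 ctx = M2Crypto.m2.x509v3_set_nconf()
@@ -320,9 +321,9 @@ def _text_or_file(input_):
 '''
 if os.path.isfile(input_):
 with salt.utils.files.fopen(input_) as fp_:
-return salt.utils.stringutils.to_bytes(fp_.read())
+return salt.utils.stringutils.to_str(fp_.read())
 else:
-return input_
+return salt.utils.stringutils.to_str(input_)
 
 
 def _parse_subject(subject):
@@ -497,7 +498,7 @@ def get_pem_entry(text, pem_type=None):
 ret += pem_body[i:i + 64] + '\n'
 ret += pem_footer + '\n'
 
-return ret.encode('ascii')
+return salt.utils.stringutils.to_bytes(ret, encoding='ascii')
 
 
 def get_pem_entries(glob_path):
@@ -682,27 +683,27 @@ def get_public_key(key, passphrase=None, asObj=False):
 
 if isinstance(key, M2Crypto.X509.X509):
 rsa = key.get_pubkey().get_rsa()
-text = ''
+text = b''
 else:
 text = _text_or_file(key)
 text = get_pem_entry(text)
 
-if text.startswith('-----BEGIN PUBLIC KEY-----'):
+if text.startswith(b'-----BEGIN PUBLIC KEY-----'):
 if not asObj:
 return text
 bio = M2Crypto.BIO.MemoryBuffer()
 bio.write(text)
 rsa = M2Crypto.RSA.load_pub_key_bio(bio)
 
 bio = M2Crypto.BIO.MemoryBuffer()
-if text.startswith('-----BEGIN CERTIFICATE-----'):
+if text.startswith(b'-----BEGIN CERTIFICATE-----'):
 cert = M2Crypto.X509.load_cert_string(text)
 rsa = cert.get_pubkey().get_rsa()
-if text.startswith('-----BEGIN CERTIFICATE REQUEST-----'):
+if text.startswith(b'-----BEGIN CERTIFICATE REQUEST-----'):
 csr = M2Crypto.X509.load_request_string(text)
 rsa = csr.get_pubkey().get_rsa()
-if (text.startswith('-----BEGIN PRIVATE KEY-----') or
-text.startswith('-----BEGIN RSA PRIVATE KEY-----')):
+if (text.startswith(b'-----BEGIN PRIVATE KEY-----') or
+text.startswith(b'-----BEGIN RSA PRIVATE KEY-----')):
 rsa = M2Crypto.RSA.load_key_string(
 text, callback=_passphrase_callback(passphrase))
 
@@ -852,7 +853,7 @@ def create_private_key(path=None,
 pem_type='(?:RSA )?PRIVATE KEY'
 )
 else:
-return bio.read_all()
+return salt.utils.stringutils.to_str(bio.read_all())
 
 
 def create_crl( # pylint: disable=too-many-arguments,too-many-locals
@@ -1430,7 +1431,14 @@ def create_certificate(
 if 'serial_number' not in kwargs:
 kwargs['serial_number'] = _dec2hex(
 random.getrandbits(kwargs['serial_bits']))
-cert.set_serial_number(int(kwargs['serial_number'].replace(':', ''), 16))
+serial_number = int(kwargs['serial_number'].replace(':', ''), 16)
+# With Python3 we occasionally end up with an INT
+# that is too large because Python3 no longer supports long INTs.
+# If we're larger than the maxsize value
+# then we adjust the serial number.
+if serial_number > sys.maxsize:
+serial_number = serial_number - sys.maxsize
+cert.set_serial_number(serial_number)
 
 # Set validity dates
 # pylint: disable=no-member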
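Review bot: The single subtraction under `if serial_number > sys.maxsize:` in create_certificate does not guarantee an in-range value: 2**64-1 minus sys.maxsize is still 2**63 on a 64-bit build, and with a larger `serial_bits`, a caller-supplied `serial_number`, or a build where sys.maxsize is 2**31-1 the result stays far too large. It also silently issues a certificate whose serial differs from `kwargs['serial_number']`, which would matter wherever that value is later logged or matched against a CRL entry (not visible in this hunk). The added comment is inaccurate as well, since Python 3 ints are unbounded and the limit presumably comes from the C long that `set_serial_number` accepts. I would bound the generated value up front with `random.getrandbits(min(kwargs['serial_bits'], sys.maxsize.bit_length()))` and raise on an explicit serial above sys.maxsize instead of rewriting it. The function body starts and ends outside the hunk.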

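--- a/salt/states/x509.py
+++ b/salt/states/x509.py
@@ -308,6 +308,9 @@ def private_key_managed(name,
 file_args['contents'] = __salt__['x509.create_private_key'](
 text=True, bits=bits, passphrase=passphrase, cipher=cipher, verbose=verbose)
 
+# Ensure the key contents are a string before passing it along
+file_args['contents'] = salt.utils.stringutils.to_str(file_args['contents'])
+
 ret = __states__['file.managed'](**file_args)
 if ret['changes'] and new_key:
 ret['changes'] = {'new': 'New private key generated'}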
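Review bot: The added `to_str` call in private_key_managed looks redundant within this same commit, which already makes `x509.create_private_key` return `salt.utils.stringutils.to_str(bio.read_all())` on what appears to be the text path. If the second conversion is meant as a guard against an execution module that still returns bytes, the comment should say that, e.g. `# Defensive: normalise to str in case create_private_key returns bytes`; otherwise one of the two conversions can be dropped. private_key_managed's body starts and ends outside the hunk.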

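--- a/tests/unit/modules/test_x509.py
+++ b/tests/unit/modules/test_x509.py
@@ -78,7 +78,7 @@ def test_get_pem_entry(self):
 Test private function _parse_subject(subject) it handles a missing fields
 :return:
 '''
-ca_key = '''-----BEGIN RSA PRIVATE KEY-----
+ca_key = b'''-----BEGIN RSA PRIVATE KEY-----
 MIICWwIBAAKBgQCjdjbgL4kQ8Lu73xeRRM1q3C3K3ptfCLpyfw38LRnymxaoJ6ls
 pNSx2dU1uJ89YKFlYLo1QcEk4rJ2fdIjarV0kuNCY3rC8jYUp9BpAU5Z6p9HKeT1
 2rTPH81JyjbQDR5PyfCyzYOQtpwpB4zIUUK/Go7tTm409xGKbbUFugJNgQIDAQAB
@@ -163,4 +163,4 @@ def test_create_certificate(self):
 authorityKeyIdentifier='keyid,issuer:always',
 days_valid=3650,
 days_remaining=0)
-self.assertIn('BEGIN CERTIFICATE', ret)
+self.assertIn(b'BEGIN CERTIFICATE', ret)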
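Review bot: Nothing in this test file pins the new serial-number adjustment in create_certificate: the visible arguments to test_create_certificate pass no `serial_number`, so the `serial_number > sys.maxsize` branch is reached only when the random serial happens to be large. A case that passes an explicit out-of-range serial (a constructed value such as `serial_number='FF:FF:FF:FF:FF:FF:FF:FF:FF'`) and asserts on the serial of the resulting certificate would make that behaviour deterministic. The call's earlier arguments are outside the hunk, so confirm none of them already sets it.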
