misc: encode x509/saml bits (#36515)

2019-11-13 12:24:18 +01:00 · 2019-11-13 12:24:18 +01:00 · 228457be9d
parent 4e6f21ef43
commit 228457be9d
5 changed files with 18 additions and 14 deletions
--- a/tests/test_saml2utils.py
+++ b/tests/test_saml2utils.py
@ -1,5 +1,7 @@
 import shutil

+from django.utils import six
+
 from quixote import cleanup

 from wcs.qommon import x509utils
@ -26,6 +28,6 @@ def test_metadata_generation():
            provider_id='provider_id_1')
    assert meta != None
    content = meta.get_saml2_metadata(pkey, '', True, True)
-    assert isinstance(content, str) and content != ''
+    assert isinstance(content, six.string_types) and content != ''
    assert 'EntityDescriptor' in content
    assert 'SPSSODescriptor' in content
--- a/wcs/qommon/ident/idp.py
+++ b/wcs/qommon/ident/idp.py
@ -19,6 +19,7 @@ try:
 except ImportError:
    lasso = None

+from django.utils.encoding import force_bytes
 from django.utils.six.moves.urllib import parse as urllib
 from django.utils.six.moves.urllib import parse as urlparse

@ -878,16 +879,16 @@ class MethodAdminDirectory(Directory):
        if signing_pem_key:
            privatekey_fn = os.path.join(dir, 'private-key.pem')
            publickey_fn = os.path.join(dir, 'public-key.pem')
-            atomic_write(publickey_fn, signing_pem_key)
-            atomic_write(privatekey_fn, private_signing_pem_key)
+            atomic_write(publickey_fn, force_bytes(signing_pem_key))
+            atomic_write(privatekey_fn, force_bytes(private_signing_pem_key))
        if encryption_pem_key:
            encryption_privatekey_fn = os.path.join(dir, 'encryption-private-key.pem')
            encryption_publickey_fn = os.path.join(dir, 'encryption-public-key.pem')
-            atomic_write(encryption_publickey_fn, encryption_pem_key)
-            atomic_write(encryption_privatekey_fn, private_encryption_pem_key)
+            atomic_write(encryption_publickey_fn, force_bytes(encryption_pem_key))
+            atomic_write(encryption_privatekey_fn, force_bytes(private_encryption_pem_key))

        saml2_metadata_fn = os.path.join(dir, 'saml2-metadata.xml')
-        atomic_write(saml2_metadata_fn, saml2_metadata)
+        atomic_write(saml2_metadata_fn, force_bytes(saml2_metadata))

    def configure_sp_metadatas(self, cfg_sp, signing_pem_key, private_signing_pem_key,
            encryption_pem_key, private_encryption_pem_key):
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -324,7 +324,7 @@ class Saml2Directory(Directory):
        assertion_fn = os.path.join(assertions_dir, assertion.iD)
        if os.path.exists(assertion_fn):
            return error_page('Assertion replay')
-        file(assertion_fn, 'w').close()
+        open(assertion_fn, 'w').close()

        try:
            if assertion.subject.subjectConfirmation.method != \
--- a/wcs/qommon/saml2utils.py
+++ b/wcs/qommon/saml2utils.py
@ -16,7 +16,7 @@

 import os

-from . import x509utils
+from . import force_str, x509utils

 def bool2xs(boolean):
    '''Convert a boolean value to XSchema boolean representation'''
@ -195,7 +195,7 @@ class Metadata(object):
        if self.config.get('organization_name'):
            orga = '''<Organization>
   <OrganizationName xml:lang="en">%s</OrganizationName>
-</Organization>''' % self.publisher.sitecharset2utf8(self.config['organization_name'])
+</Organization>''' % force_str(self.config['organization_name'])

        epilogue = '</EntityDescriptor>'

--- a/wcs/qommon/x509utils.py
+++ b/wcs/qommon/x509utils.py
@ -22,6 +22,7 @@ import subprocess
 import stat

 from django.utils import six
+from django.utils.encoding import force_text

 _openssl = 'openssl'

@ -124,7 +125,7 @@ def get_rsa_public_key_modulus(publickey):
            rc, modulus = _call_openssl(['x509', '-in', publickey_fn,'-noout','-modulus'])
        else:
            return None
-        i = modulus.find('=')
+        i = modulus.find(b'=')
        if rc == 0 and i:
            return int(modulus[i+1:].strip(),16)
    finally:
@ -135,7 +136,7 @@ def get_rsa_public_key_exponent(publickey):
    try:
        publickey_file_fd, publickey_fn = tempfile.mkstemp()
        os.fdopen(publickey_file_fd,'w').write(publickey)
-        _exponent = 'Exponent: '
+        _exponent = b'Exponent: '
        if 'BEGIN PUBLIC' in publickey:
            rc, modulus = _call_openssl(['rsa', '-pubin', '-in', publickey_fn,'-noout','-text'])
        elif 'BEGIN RSA PRIVATE' in publickey:
@ -146,7 +147,7 @@ def get_rsa_public_key_exponent(publickey):
        else:
            return None
        i = modulus.find(_exponent)
-        j = modulus.find('(', i)
+        j = modulus.find(b'(', i)
        if rc == 0 and i and j:
            return int(modulus[i+len(_exponent):j].strip())
    finally:
@ -176,5 +177,5 @@ def get_xmldsig_rsa_key_value(publickey):
        <Modulus>%s</Modulus>
        <Exponent>%s</Exponent>
    </RSAKeyValue>
-</KeyValue>''' % (base64.b64encode(int_to_bin(mod)),
-        base64.b64encode(int_to_bin(exp)))
+</KeyValue>''' % (force_text(base64.b64encode(int_to_bin(mod))),
+        force_text(base64.b64encode(int_to_bin(exp))))