X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Ftrust%2Fcertificate.py;h=817422624dd737246695a2fd8ed9290329e71697;hb=061c47a7b94d746ef379591230f8e96e31c5b5bf;hp=199504dc93a2731cdc5405f4f0d698a4da46f0d9;hpb=4948d60ec323588e00627eee303aa3859bba3c41;p=sfa.git

diff --git a/sfa/trust/certificate.py b/sfa/trust/certificate.py
index 199504dc..81742262 100644
--- a/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@ -45,7 +45,7 @@
 #
 
 
-from __future__ import print_function
+
 
 import functools
 import os
@@ -117,7 +117,7 @@ def convert_public_key(key):
 
     (ssh_f, ssh_fn) = tempfile.mkstemp()
     ssl_fn = tempfile.mktemp()
-    os.write(ssh_f, key)
+    os.write(ssh_f, key.encode())
     os.close(ssh_f)
 
     cmd = keyconvert_path + " " + ssh_fn + " " + ssl_fn
@@ -182,7 +182,8 @@ class Keypair:
     # @param filename name of file to store the keypair in
 
     def save_to_file(self, filename):
-        open(filename, 'w').write(self.as_pem())
+        with open(filename, 'wb') as output:
+            output.write(self.as_pem())
         self.filename = filename
 
     ##
@@ -190,6 +191,7 @@ class Keypair:
     # public key.
 
     def load_from_file(self, filename):
+        logger.info(f"opening {filename} from certficate.load_from_file")
         self.filename = filename
         buffer = open(filename, 'r').read()
         self.load_from_string(buffer)
@@ -205,12 +207,13 @@ class Keypair:
                 OpenSSL.crypto.FILETYPE_PEM, string,
                 functools.partial(glo_passphrase_callback, self, string))
             self.m2key = M2Crypto.EVP.load_key_string(
-                string, functools.partial(glo_passphrase_callback,
-                                          self, string))
+                string.encode(encoding="utf-8"),
+                functools.partial(glo_passphrase_callback, self, string))
         else:
             self.key = OpenSSL.crypto.load_privatekey(
                 OpenSSL.crypto.FILETYPE_PEM, string)
-            self.m2key = M2Crypto.EVP.load_key_string(string)
+            self.m2key = M2Crypto.EVP.load_key_string(
+                string.encode(encoding="utf-8"))
 
     ##
     #  Load the public key from a string. No private key is loaded.
@@ -273,7 +276,8 @@ class Keypair:
     def get_m2_pubkey(self):
         import M2Crypto
         if not self.m2key:
-            self.m2key = M2Crypto.EVP.load_key_string(self.as_pem())
+            self.m2key = M2Crypto.EVP.load_key_string(
+                self.as_pem().encode(encoding="utf-8"))
         return self.m2key
 
     ##
@@ -520,7 +524,7 @@ class Certificate:
                 req = OpenSSL.crypto.X509Req()
                 reqSubject = req.get_subject()
                 if isinstance(subject, dict):
-                    for key in reqSubject.keys():
+                    for key in list(reqSubject.keys()):
                         setattr(reqSubject, key, subject[key])
                 else:
                     setattr(reqSubject, "CN", subject)
@@ -547,7 +551,7 @@ class Certificate:
         req = OpenSSL.crypto.X509Req()
         subj = req.get_subject()
         if isinstance(name, dict):
-            for key in name.keys():
+            for key in list(name.keys()):
                 setattr(subj, key, name[key])
         else:
             setattr(subj, "CN", name)
@@ -583,7 +587,6 @@ class Certificate:
         data = self.get_data(field='subjectAltName')
         if data:
             message += " SubjectAltName:"
-            counter = 0
             filtered = [self.filter_chunk(chunk) for chunk in data.split()]
             message += " ".join([f for f in filtered if f])
             omitted = len([f for f in filtered if not f])
@@ -676,6 +679,11 @@ class Certificate:
 #            raise "Cannot add extension {} which had val {} with new val {}"\
 #                  .format(name, oldExtVal, value)
 
+        if isinstance(name, str):
+            name = name.encode()
+        if isinstance(value, str):
+            value = value.encode()
+
         ext = OpenSSL.crypto.X509Extension(name, critical, value)
         self.x509.add_extensions([ext])
 
@@ -791,11 +799,11 @@ class Certificate:
     # @param cert certificate object
 
     def is_signed_by_cert(self, cert):
-        k = cert.get_pubkey()
+        key = cert.get_pubkey()
         logger.debug("Certificate.is_signed_by_cert -> verify on {}\n"
                      "with pubkey {}"
-                     .format(self, k))
-        result = self.verify(k)
+                     .format(self, key))
+        result = self.verify(key)
         return result
 
     ##
@@ -838,7 +846,6 @@ class Certificate:
         # the public key contained in it's parent. The chain is recursed
         # until a certificate is found that is signed by a trusted root.
 
-        logger.debug("Certificate.verify_chain {}".format(self.pretty_name()))
         # verify expiration time
         if self.x509.has_expired():
             if debug_verify_chain:
@@ -848,7 +855,8 @@ class Certificate:
 
         # if this cert is signed by a trusted_cert, then we are set
         for i, trusted_cert in enumerate(trusted_certs, 1):
-            logger.debug("Certificate.verify_chain - trying trusted #{} : {}"
+            logger.debug(5*'-' +
+                         " Certificate.verify_chain - trying trusted #{} : {}"
                          .format(i, trusted_cert.pretty_name()))
             if self.is_signed_by_cert(trusted_cert):
                 # verify expiration of trusted_cert ?
@@ -937,7 +945,7 @@ class Certificate:
         return triples
 
     def get_data_names(self):
-        return self.data.keys()
+        return list(self.data.keys())
 
     def get_all_datas(self):
         triples = self.get_extensions()