py3: base64 encoding/decoding returns always bytes don't mix it

Using unicode(bytes) call causes undesired side effect that is inserting `b` character to result. This obviously causes issues with binary base64 data https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-01-24 17:49:06 +01:00
parent 8e139d4b55
commit caa560ca79
4 changed files with 7 additions and 7 deletions
--- a/ipaserver/plugins/baseldap.py
+++ b/ipaserver/plugins/baseldap.py
@@ -1036,7 +1036,7 @@ last, after all sets and adds."""),
                    except ValueError:
                        if isinstance(delval, bytes):
                            # This is a Binary value, base64 encode it
-                            delval = unicode(base64.b64encode(delval))
+                            delval = base64.b64encode(delval).decode('ascii')
                        raise errors.AttrValueNotFound(attr=attr, value=delval)

        # normalize all values
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -4,8 +4,6 @@

 import base64

-import six
-
 from ipalib import api, errors, output, Bytes, DNParam, Flag, Str
 from ipalib.constants import IPA_CA_CN
 from ipalib.plugable import Registry
@@ -176,7 +174,7 @@ def set_certificate_attrs(entry, options, want_cert=True):
    with api.Backend.ra_lightweight_ca as ca_api:
        if want_cert or full:
            der = ca_api.read_ca_cert(ca_id)
-            entry['certificate'] = six.text_type(base64.b64encode(der))
+            entry['certificate'] = base64.b64encode(der).decode('ascii')

        if want_chain or full:
            pkcs7_der = ca_api.read_ca_chain(ca_id)
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -1260,7 +1260,7 @@ class cert_find(Search, CertMethod):
        return (DN(cert_obj.issuer), cert_obj.serial)

    def _get_cert_obj(self, cert, all, raw, pkey_only):
-        obj = {'certificate': unicode(base64.b64encode(cert))}
+        obj = {'certificate': base64.b64encode(cert).decode('ascii')}

        full = not pkey_only and all
        if not raw:
--- a/ipaserver/secrets/client.py
+++ b/ipaserver/secrets/client.py
@@ -70,7 +70,8 @@ class CustodiaClient(object):
        name = gssapi.Name(self.client_service,
                           gssapi.NameType.hostbased_service)
        store = {'client_keytab': self.keytab,
-                 'ccache': 'MEMORY:Custodia_%s' % b64encode(os.urandom(8))}
+                 'ccache': 'MEMORY:Custodia_%s' % b64encode(
+                     os.urandom(8)).decode('ascii')}
        return gssapi.Credentials(name=name, store=store, usage='initiate')

    def _auth_header(self):
@@ -78,7 +79,8 @@ class CustodiaClient(object):
            self.creds = self.init_creds()
        ctx = gssapi.SecurityContext(name=self.service_name, creds=self.creds)
        authtok = ctx.step()
-        return {'Authorization': 'Negotiate %s' % b64encode(authtok)}
+        return {'Authorization': 'Negotiate %s' % b64encode(
+            authtok).decode('ascii')}

    def fetch_key(self, keyname, store=True):