py3: softhsm key_id must be bytes

softhsm works with bytes, so key_id must be byte otherwise we get errors from bytes and string comparison https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-01-26 16:16:31 -06:00 · 2017-02-10 17:36:19 +01:00 · 2017-02-10 17:36:19 +01:00 · d7a9e81fbd
commit d7a9e81fbd
parent 27f8f9f03d
2 changed files with 15 additions and 5 deletions
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@ -7,7 +7,6 @@ from __future__ import print_function
 import os
 import pwd
 import grp
-import random
 import shutil
 import stat

@ -282,9 +281,7 @@ class DNSKeySyncInstance(service.Service):
            key_id = None
            while True:
                # check if key with this ID exist in softHSM
-                # id is 16 Bytes long
-                key_id = "".join(chr(random.randint(0, 255))
-                                 for _ in range(0, 16))
+                key_id = _ipap11helper.gen_key_id()
                replica_pubkey_dn = DN(('ipk11UniqueId', 'autogenerate'), dn_base)


--- a/ipaserver/p11helper.py
+++ b/ipaserver/p11helper.py
@ -5,6 +5,7 @@
 import random
 import ctypes.util
 import binascii
+import struct

 import six
 from cryptography.hazmat.backends import default_backend
@ -1824,6 +1825,18 @@ MECH_AES_KEY_WRAP = CKM_AES_KEY_WRAP
 MECH_AES_KEY_WRAP_PAD = CKM_AES_KEY_WRAP_PAD


+def gen_key_id(key_id_len=16):
+    """
+    Generate random softhsm KEY_ID
+    :param key_id_len: this should be 16
+    :return: random softhsm KEY_ID in bytes representation
+    """
+    return struct.pack(
+        "B" * key_id_len,  # key_id must be bytes
+        *(random.randint(0, 255) for _ in range(key_id_len))
+    )
+
+
 def generate_master_key(p11, keylabel=u"dnssec-master", key_length=16,
                        disable_old_keys=True):
    assert isinstance(p11, P11_Helper)
@ -1832,7 +1845,7 @@ def generate_master_key(p11, keylabel=u"dnssec-master", key_length=16,
    while True:
        # check if key with this ID exist in LDAP or softHSM
        # id is 16 Bytes long
-        key_id = "".join(chr(random.randint(0, 255)) for _ in range(0, 16))
+        key_id = gen_key_id()
        keys = p11.find_keys(KEY_CLASS_SECRET_KEY,
                             label=keylabel,
                             id=key_id)