py3 dnssec: convert hexlify to str

hexlify returns bytes and needs to be casted to string before printing it out. Related: https://pagure.io/freeipa/issue/4985 Signed-off-by: Tomas Krizek <tkrizek@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-08-25 15:45:24 +02:00
parent 005d85ff68
commit efded2264f
4 changed files with 50 additions and 37 deletions
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -8,7 +8,6 @@ Download keys from LDAP to local HSM.
 This program should be run only on replicas, not on DNSSEC masters.
 """

-from binascii import hexlify
 from gssapi.exceptions import GSSError
 import logging
 import os
@@ -24,7 +23,7 @@ from ipaplatform.paths import paths
 from ipaserver.dnssec.abshsm import (sync_pkcs11_metadata,
                                     ldap2p11helper_api_params,
                                     wrappingmech_name2id)
-from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB, str_hexlify
 from ipaserver.dnssec.localhsm import LocalHSM

 logger = logging.getLogger(os.path.basename(__file__))
@@ -36,7 +35,7 @@ WORKDIR = '/tmp'
 def hex_set(s):
    out = set()
    for i in s:
-        out.add("0x%s" % hexlify(i))
+        out.add("0x%s" % str_hexlify(i))
    return out

 def update_metadata_set(source_set, target_set):
@@ -72,7 +71,9 @@ def ldap2replica_master_keys_sync(ldapkeydb, localhsm):
                 hex_set(new_keys))
    for mkey_id in new_keys:
        mkey_ldap = ldapkeydb.master_keys[mkey_id]
-        assert mkey_ldap.wrapped_entries, "Master key 0x%s in LDAP is missing key material referenced by ipaSecretKeyRefObject attribute" % hexlify(mkey_id)
+        assert mkey_ldap.wrapped_entries, ("Master key 0x%s in LDAP is " \
+            "missing key material referenced by ipaSecretKeyRefObject " \
+            "attribute") % str_hexlify(mkey_id)
        for wrapped_ldap in mkey_ldap.wrapped_entries:
            unwrapping_key = find_unwrapping_key(
                localhsm, wrapped_ldap.single_value['ipaWrappingKey'])
@@ -80,14 +81,16 @@ def ldap2replica_master_keys_sync(ldapkeydb, localhsm):
                break

        # TODO: Could it happen in normal cases?
-        assert unwrapping_key is not None, "Local HSM does not contain suitable unwrapping key for master key 0x%s" % hexlify(mkey_id)
+        assert unwrapping_key is not None, ("Local HSM does not contain " \
+            "suitable unwrapping key for master key 0x%s") % \
+            str_hexlify(mkey_id)

        params = ldap2p11helper_api_params(mkey_ldap)
        params['data'] = wrapped_ldap.single_value['ipaSecretKey']
        params['unwrapping_key'] = unwrapping_key.handle
        params['wrapping_mech'] = wrappingmech_name2id[wrapped_ldap.single_value['ipaWrappingMech']]
        logger.debug('Importing new master key: 0x%s %s',
-                     hexlify(mkey_id), params)
+                     str_hexlify(mkey_id), params)
        localhsm.p11.import_wrapped_secret_key(**params)

    # synchronize metadata about master keys in LDAP
@@ -108,14 +111,14 @@ def ldap2replica_zone_keys_sync(ldapkeydb, localhsm):
    for zkey_id in new_keys:
        zkey_ldap = ldapkeydb.zone_keypairs[zkey_id]
        logger.debug('Looking for unwrapping key "%s" for zone key 0x%s',
-                     zkey_ldap['ipaWrappingKey'], hexlify(zkey_id))
+                     zkey_ldap['ipaWrappingKey'], str_hexlify(zkey_id))
        unwrapping_key = find_unwrapping_key(
            localhsm, zkey_ldap['ipaWrappingKey'])
        assert unwrapping_key is not None, \
                "Local HSM does not contain suitable unwrapping key for ' \
-                'zone key 0x%s" % hexlify(zkey_id)
+                'zone key 0x%s" % str_hexlify(zkey_id)

-        logger.debug('Importing zone key pair 0x%s', hexlify(zkey_id))
+        logger.debug('Importing zone key pair 0x%s', str_hexlify(zkey_id))
        localhsm.import_private_key(zkey_ldap, zkey_ldap['ipaPrivateKey'],
                unwrapping_key)
        localhsm.import_public_key(zkey_ldap, zkey_ldap['ipaPublicKey'])
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -16,7 +16,6 @@ Purpose of this replacement is to upload keys generated by OpenDNSSEC to LDAP.
 """
 from __future__ import print_function

-from binascii import hexlify
 from datetime import datetime
 import dateutil.tz
 import dns.dnssec
@@ -38,7 +37,7 @@ from ipapython.dn import DN
 from ipapython import ipaldap
 from ipaplatform.paths import paths
 from ipaserver.dnssec.abshsm import sync_pkcs11_metadata, wrappingmech_name2id
-from ipaserver.dnssec.ldapkeydb import LdapKeyDB
+from ipaserver.dnssec.ldapkeydb import LdapKeyDB, str_hexlify
 from ipaserver.dnssec.localhsm import LocalHSM

 logger = logging.getLogger(os.path.basename(__file__))
@@ -299,8 +298,8 @@ def ldap2master_replica_keys_sync(ldapkeydb, localhsm):
        new_key_ldap = ldapkeydb.replica_pubkeys_wrap[key_id]
        logger.debug('label=%s, id=%s, data=%s',
                     new_key_ldap['ipk11label'],
-                     hexlify(new_key_ldap['ipk11id']),
-                     hexlify(new_key_ldap['ipapublickey']))
+                     str_hexlify(new_key_ldap['ipk11id']),
+                     str_hexlify(new_key_ldap['ipapublickey']))
        localhsm.import_public_key(new_key_ldap, new_key_ldap['ipapublickey'])

    # set CKA_WRAP = FALSE for all replica keys removed from LDAP
@@ -339,7 +338,7 @@ def master2ldap_master_keys_sync(ldapkeydb, localhsm):
    # synchronize master key metadata to LDAP
    for mkey_id, mkey_local in localhsm.master_keys.items():
        logger.debug('synchronizing master key metadata: 0x%s',
-                     hexlify(mkey_id))
+                     str_hexlify(mkey_id))
        sync_pkcs11_metadata('master2ldap_master', mkey_local, ldapkeydb.master_keys[mkey_id])

    # re-wrap all master keys in LDAP with new replica keys (as necessary)
@@ -349,7 +348,7 @@ def master2ldap_master_keys_sync(ldapkeydb, localhsm):

    for mkey_id, mkey_ldap in ldapkeydb.master_keys.items():
        logger.debug('processing master key data: 0x%s',
-                     hexlify(mkey_id))
+                     str_hexlify(mkey_id))

        # check that all active replicas have own copy of master key
        used_replica_keys = set()
@@ -367,13 +366,13 @@ def master2ldap_master_keys_sync(ldapkeydb, localhsm):

        new_replica_keys = enabled_replica_key_ids - used_replica_keys
        logger.debug('master key 0x%s is not wrapped with replica keys %s',
-                     hexlify(mkey_id), hex_set(new_replica_keys))
+                     str_hexlify(mkey_id), hex_set(new_replica_keys))

        # wrap master key with new replica keys
        mkey_local = localhsm.find_keys(id=mkey_id).popitem()[1]
        for replica_key_id in new_replica_keys:
            logger.info('adding master key 0x%s wrapped with replica key 0x%s',
-                        hexlify(mkey_id), hexlify(replica_key_id))
+                        str_hexlify(mkey_id), str_hexlify(replica_key_id))
            replica_key = localhsm.replica_pubkeys_wrap[replica_key_id]
            keydata = localhsm.p11.export_wrapped_key(mkey_local.handle,
                    replica_key.handle,
@@ -446,7 +445,7 @@ def master2ldap_zone_keys_purge(ldapkeydb, localhsm):
 def hex_set(s):
    out = set()
    for i in s:
-        out.add("0x%s" % hexlify(i))
+        out.add("0x%s" % str_hexlify(i))
    return out