Merge pull request #1418 from privacyidea/python3_update_ca_tests

Make certificate tests run with python 3

privacyidea/lib/caconnectors/localca.py

@@ -28,7 +28,7 @@
This module is tested in tests/test_lib_caconnector.py
"""
from privacyidea.lib.error import CAError
from privacyidea.lib.utils import int_to_hex
from privacyidea.lib.utils import int_to_hex, to_unicode
from privacyidea.lib.caconnectors.baseca import BaseCAConnector
from OpenSSL import crypto
from subprocess import Popen, PIPE
@@ -201,7 +201,7 @@ def _get_crl_next_update(filename):
    # Unfortunately pyOpenSSL does not support this. so we dump the
    # CRL and parse the text :-/
    # We do not want to add dependency to pyasn1
    crl_text = crypto.dump_crl(crypto.FILETYPE_TEXT, crl_obj)
    crl_text = to_unicode(crypto.dump_crl(crypto.FILETYPE_TEXT, crl_obj))
    for line in crl_text.split("\n"):
        if "Next Update: " in line:
            key, value = line.split(":", 1)
@@ -332,15 +332,14 @@ def _filename_from_x509(x509_name, file_extension="pem"):
        return a filename from the subject from an x509 object
        :param x509_name: The X509Name object
        :type x509_name: X509Name object
        :param file_extension:
        :type file_extension: str
        :return: filename
        :rtype: basestring
        :rtype: str
        """
        name_components = x509_name.get_components()
        filename = ""
        for (key, value) in name_components:
            filename += value+"_"
        filename = filename[:-1] + "." + file_extension
        return filename
        filename = "_".join([to_unicode(value) for (key, value) in name_components])
        return '.'.join([filename, file_extension])

    def sign_request(self, csr, options=None):
        """
@@ -402,31 +401,26 @@ def sign_request(self, csr, options=None):
                csr_obj.get_subject(), file_extension="pem")
            #csr_extensions = csr_obj.get_extensions()
        csr_filename = csr_filename.replace(" ", "_")
        if type(csr_filename) == str:
            csr_filename = csr_filename.decode("utf-8")
        csr_filename = csr_filename.encode("ascii", "ignore")
        certificate_filename = certificate_filename.replace(" ", "_")
        if type(certificate_filename) == str:
            certificate_filename = certificate_filename.decode("utf-8")
        certificate_filename = certificate_filename.encode("ascii", "ignore")
        # dump the file
        with open(csrdir + "/" + csr_filename, "w") as f:
        csr_filename = to_unicode(csr_filename.encode('ascii', 'ignore'))
        with open(os.path.join(csrdir, csr_filename), "w") as f:
            f.write(csr)

        # TODO: use the template name to set the days and the extention!
        if spkac:
            cmd = CA_SIGN_SPKAC.format(cakey=self.cakey, cacert=self.cacert,
                                       days=days, config=config,
                                       extension=extension,
                                       spkacfile=csrdir + "/" + csr_filename,
                                       certificate=certificatedir + "/" +
                                                   certificate_filename)
                                       spkacfile=os.path.join(csrdir, csr_filename),
                                       certificate=os.path.join(certificatedir,
                                                                certificate_filename))
        else:
            cmd = CA_SIGN.format(cakey=self.cakey, cacert=self.cacert,
                                 days=days, config=config, extension=extension,
                                 csrfile=csrdir + "/" + csr_filename,
                                 certificate=certificatedir + "/" +
                                             certificate_filename)
                                 csrfile=os.path.join(csrdir, csr_filename),
                                 certificate=os.path.join(certificatedir,
                                                          certificate_filename))
        # run the command
        args = shlex.split(cmd)
        p = Popen(args, stdout=PIPE, stderr=PIPE, cwd=workingdir)
@@ -435,7 +429,7 @@ def sign_request(self, csr, options=None):
            # Some error occurred
            raise CAError(error)

        with open(certificatedir + "/" + certificate_filename, "r") as f:
        with open(os.path.join(certificatedir, certificate_filename), "rb") as f:
            certificate = f.read()

        # We return the cert_obj.

privacyidea/lib/tokens/certificatetoken.py

@@ -32,6 +32,8 @@
"""

import logging

from privacyidea.lib.utils import to_unicode
from privacyidea.lib.tokenclass import TokenClass
from privacyidea.lib.log import log_with
from privacyidea.api.lib.utils import getParam
@@ -217,8 +219,8 @@ def update(self, param):
            # req.get_subject().organizationName = 'xxx'
            req.set_pubkey(key)
            req.sign(key, "sha256")
            x509object = cacon.sign_request(crypto.dump_certificate_request(
                crypto.FILETYPE_PEM, req), options={"template": template_name})
            csr = to_unicode(crypto.dump_certificate_request(crypto.FILETYPE_PEM, req))
            x509object = cacon.sign_request(csr, options={"template": template_name})
            certificate = crypto.dump_certificate(crypto.FILETYPE_PEM,
                                                  x509object)
            # Save the private key to the encrypted key field of the token

tests/conftest.py

@@ -22,11 +22,9 @@
        'test_api_users.py',
        'test_api_validate.py',
        'test_lib_applications.py',
        'test_lib_caconnector.py',
        'test_lib_challenges.py',
        'test_lib_importotp.py',
        'test_lib_smsprovider.py',
        'test_lib_tokens_certificate.py',
        'test_lib_tokens_daplug.py',
        'test_lib_tokens_foureyes.py',
        'test_lib_tokens_motp.py',

tests/test_lib_caconnector.py

@@ -10,7 +10,7 @@
from mock import patch
from privacyidea.lib.caconnectors.localca import LocalCAConnector, ATTR
from OpenSSL import crypto
from privacyidea.lib.utils import int_to_hex
from privacyidea.lib.utils import int_to_hex, to_unicode
from privacyidea.lib.error import CAError
from privacyidea.lib.caconnector import (get_caconnector_list,
                                         get_caconnector_class,
@@ -199,15 +199,15 @@ def test_02_sign_cert(self):
        r = cacon.create_crl()
        self.assertEqual(r, "crl.pem")
        # Check if the serial number is contained in the CRL!
        filename = cwd + "/" + WORKINGDIR + "/crl.pem"
        filename = os.path.join(cwd, WORKINGDIR, "crl.pem")
        f = open(filename)
        buff = f.read()
        f.close()
        crl = crypto.load_crl(crypto.FILETYPE_PEM, buff)
        revoked_certs = crl.get_revoked()
        found_revoked_cert = False
        for revoked_cert in revoked_certs:
            s = revoked_cert.get_serial()
            s = to_unicode(revoked_cert.get_serial())
            if s == serial_hex:
                found_revoked_cert = True
                break
@@ -272,7 +272,7 @@ def test_05_templates(self):
        self.assertTrue("template3" in templates)
        cert = cacon.sign_request(SPKAC, options={"spkac": 1,
                                                  "template": "webserver"})
        expires = cert.get_notAfter()
        expires = to_unicode(cert.get_notAfter())
        import datetime
        dt = datetime.datetime.strptime(expires, "%Y%m%d%H%M%SZ")
        ddiff = dt - datetime.datetime.now()