Bug 1476150
| Summary: | Custodia does not work in Python 3 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Standa Laznicka <slaznick> |
| Component: | python-jwcrypto | Assignee: | Patrick Uiterwijk <puiterwijk> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 26 | CC: | cheimes, pcech, puiterwijk, slaznick, ssorce |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-03 13:54:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I found and fixes a couple of Python 3 issues, see https://github.com/freeipa/freeipa/pull/946. However I'm unable to reproduce the exact error that you are running into. In my tests I'm using python3-ipaserver-4.5.3-1.fc26 + fixes from PR 946. Christian, I should have noted this before - try running the script with the `-bb` switch. I'm able to reproduce the problem with -bb switch. It's a bug in jwcrypto. At some point it compares bytes with str. I filed https://github.com/latchset/jwcrypto/pull/84/commits/61825d34594bde12d018865afb36ff4391430ef7 to address the issue. I have released python-jwcrypto 0.4.2. It contains the fix fix https://github.com/latchset/jwcrypto/commit/323327b688e4d1c969a3eb8d3e571454071c9e2e which addresses the Python 3 bytes/str comparison bugs. The latest release uses -bb to check for further issues and is tested with Python 3.6, too. I'm going to release new versions for Fedora 26 and 27 next. python-jwcrypto-0.4.2-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f21978b7d8 Stanislav, I have pushed 0.4.2 to F27 and requested an upgrade for F26. Please test the upgrade and give karma. python-jwcrypto-0.4.2-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c25388f731 python-jwcrypto-0.4.2-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bc93b5692 python-jwcrypto-0.4.2-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bc93b5692 python-jwcrypto-0.4.2-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c25388f731 Tested and added the karma. |
Description of problem: When using the KEMClient from the custodia.message.kem, it's impossible to get KEMClient.parse_reply() working since its second positional argument throws exception when either bytes or string instance is passed to it. Version-Release number of selected component (if applicable): custodia-0.5.0-1.fc26.noarch How reproducible: Always Steps to Reproduce: 1. Have your own KEMClient set up and get yourself a reply from custodia 2a. Try to parse the reply using KEMClient.parse_reply() 2b. Try to parse the raw reply (bytes) using KEMClient.parse_reply() Actual results: str passed as the second argument: ``` File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 221, in parse_reply self.server_keys[KEY_USAGE_SIG]) File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 245, in decode_enc_kem jwe = JWT(jwt=message, key=enc_key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 204, in __init__ self.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 460, in deserialize self.token.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwe.py", line 1239, in deserialize raise InvalidJWEData('Invalid format', repr(e)) ``` bytes passed: ``` File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 221, in parse_reply self.server_keys[KEY_USAGE_SIG]) File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 245, in decode_enc_kem jwe = JWT(jwt=message, key=enc_key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 204, in __init__ self.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 443, in deserialize c = jwt.count('.') ``` Expected results: The string or bytes or whatever needs to be passed to the parse_reply() method get properly parsed. Additional info: This happens during FreeIPA ipa-replica-install on domain level 1 which for me is the easiest way to reproduce this. Contact me for a patched version of FreeIPA which would allow you getting to the spot if you need. Note that this is BLOCKING FreeIPA Python 3 adoption in Fedora 27, thus the severity.