Description of problem: When using the KEMClient from the custodia.message.kem, it's impossible to get KEMClient.parse_reply() working since its second positional argument throws exception when either bytes or string instance is passed to it. Version-Release number of selected component (if applicable): custodia-0.5.0-1.fc26.noarch How reproducible: Always Steps to Reproduce: 1. Have your own KEMClient set up and get yourself a reply from custodia 2a. Try to parse the reply using KEMClient.parse_reply() 2b. Try to parse the raw reply (bytes) using KEMClient.parse_reply() Actual results: str passed as the second argument: ``` File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 221, in parse_reply self.server_keys[KEY_USAGE_SIG]) File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 245, in decode_enc_kem jwe = JWT(jwt=message, key=enc_key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 204, in __init__ self.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 460, in deserialize self.token.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwe.py", line 1239, in deserialize raise InvalidJWEData('Invalid format', repr(e)) ``` bytes passed: ``` File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 221, in parse_reply self.server_keys[KEY_USAGE_SIG]) File "/usr/lib/python3.6/site-packages/custodia/message/kem.py", line 245, in decode_enc_kem jwe = JWT(jwt=message, key=enc_key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 204, in __init__ self.deserialize(jwt, key) File "/usr/lib/python3.6/site-packages/jwcrypto/jwt.py", line 443, in deserialize c = jwt.count('.') ``` Expected results: The string or bytes or whatever needs to be passed to the parse_reply() method get properly parsed. Additional info: This happens during FreeIPA ipa-replica-install on domain level 1 which for me is the easiest way to reproduce this. Contact me for a patched version of FreeIPA which would allow you getting to the spot if you need. Note that this is BLOCKING FreeIPA Python 3 adoption in Fedora 27, thus the severity.
I found and fixes a couple of Python 3 issues, see https://github.com/freeipa/freeipa/pull/946. However I'm unable to reproduce the exact error that you are running into. In my tests I'm using python3-ipaserver-4.5.3-1.fc26 + fixes from PR 946.
Christian, I should have noted this before - try running the script with the `-bb` switch.
I'm able to reproduce the problem with -bb switch. It's a bug in jwcrypto. At some point it compares bytes with str. I filed https://github.com/latchset/jwcrypto/pull/84/commits/61825d34594bde12d018865afb36ff4391430ef7 to address the issue.
I have released python-jwcrypto 0.4.2. It contains the fix fix https://github.com/latchset/jwcrypto/commit/323327b688e4d1c969a3eb8d3e571454071c9e2e which addresses the Python 3 bytes/str comparison bugs. The latest release uses -bb to check for further issues and is tested with Python 3.6, too. I'm going to release new versions for Fedora 26 and 27 next.
python-jwcrypto-0.4.2-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f21978b7d8
Stanislav, I have pushed 0.4.2 to F27 and requested an upgrade for F26. Please test the upgrade and give karma.
python-jwcrypto-0.4.2-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-c25388f731
python-jwcrypto-0.4.2-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bc93b5692
python-jwcrypto-0.4.2-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8bc93b5692
python-jwcrypto-0.4.2-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c25388f731
Tested and added the karma.