From 43178a29e5e105c7cf54b9322483e981236a84ae Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@redhat.com>
Date: Thu, 22 Oct 2015 16:53:38 +0200
Subject: [PATCH] Port signature_utils to Python 3

* Catch also binascii.Error when decoding Base64: Python 3 raises
  binascii.Error, not TypeError.
* Replace base64.b64decode() with base64.decode_as_bytes() to get
  accept also Unicode.
* verify_signature(): encode checksum_hash to UTF-8 if it's Unicode.
* Fix test_signature_utils: use byte strings
* tox.ini: add glance.tests.unit.common.test_signature_utils

Change-Id: I386892f3e28f9454a438e414730318ec3f771342
---
 glance/common/signature_utils.py                 | 11 ++++++++---
 glance/tests/unit/common/test_signature_utils.py | 10 +++++-----
 tox.ini                                          |  1 +
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/glance/common/signature_utils.py b/glance/common/signature_utils.py
index b925d433cf..502092a04b 100644
--- a/glance/common/signature_utils.py
+++ b/glance/common/signature_utils.py
@@ -15,7 +15,7 @@
 
 """Support signature verification."""
 
-import base64
+import binascii
 
 from castellan import key_manager
 from cryptography import exceptions as crypto_exception
@@ -25,7 +25,9 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 from cryptography.hazmat.primitives import hashes
 from cryptography import x509
 from oslo_log import log as logging
+from oslo_serialization import base64
 from oslo_utils import encodeutils
+import six
 
 from glance.common import exception
 from glance import i18n
@@ -112,6 +114,9 @@ def verify_signature(context, checksum_hash, image_properties):
             'Required image properties for signature verification do not'
             ' exist. Cannot verify signature.')
 
+    if isinstance(checksum_hash, six.text_type):
+        checksum_hash = checksum_hash.encode('utf-8')
+
     signature = get_signature(image_properties[SIGNATURE])
     hash_method = get_hash_method(image_properties[HASH_METHOD])
     signature_key_type = get_signature_key_type(
@@ -179,8 +184,8 @@ def get_signature(signature_data):
     :raises: SignatureVerificationError if the signature data is malformatted
     """
     try:
-        signature = base64.b64decode(signature_data)
-    except TypeError:
+        signature = base64.decode_as_bytes(signature_data)
+    except (TypeError, binascii.Error):
         raise exception.SignatureVerificationError(
             'The signature data was not properly encoded using base64')
 
diff --git a/glance/tests/unit/common/test_signature_utils.py b/glance/tests/unit/common/test_signature_utils.py
index 1d04ab069a..cd9356ec0b 100644
--- a/glance/tests/unit/common/test_signature_utils.py
+++ b/glance/tests/unit/common/test_signature_utils.py
@@ -119,9 +119,9 @@ class TestSignatureUtils(test_utils.BaseTestCase):
 
     @mock.patch('glance.common.signature_utils.get_public_key')
     def test_verify_signature_PSS(self, mock_get_pub_key):
-        checksum_hash = '224626ae19824466f2a7f39ab7b80f7f'
+        checksum_hash = b'224626ae19824466f2a7f39ab7b80f7f'
         mock_get_pub_key.return_value = TEST_PRIVATE_KEY.public_key()
-        for hash_name, hash_alg in signature_utils.HASH_METHODS.iteritems():
+        for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
             signer = TEST_PRIVATE_KEY.signer(
                 padding.PSS(
                     mgf=padding.MGF1(hash_alg),
@@ -143,10 +143,10 @@ class TestSignatureUtils(test_utils.BaseTestCase):
 
     @mock.patch('glance.common.signature_utils.get_public_key')
     def test_verify_signature_custom_PSS_salt(self, mock_get_pub_key):
-        checksum_hash = '224626ae19824466f2a7f39ab7b80f7f'
+        checksum_hash = b'224626ae19824466f2a7f39ab7b80f7f'
         mock_get_pub_key.return_value = TEST_PRIVATE_KEY.public_key()
         custom_salt_length = 32
-        for hash_name, hash_alg in signature_utils.HASH_METHODS.iteritems():
+        for hash_name, hash_alg in signature_utils.HASH_METHODS.items():
             signer = TEST_PRIVATE_KEY.signer(
                 padding.PSS(
                     mgf=padding.MGF1(hash_alg),
@@ -269,7 +269,7 @@ class TestSignatureUtils(test_utils.BaseTestCase):
                                 None, checksum_hash, image_properties)
 
     def test_get_signature(self):
-        signature = 'A' * 256
+        signature = b'A' * 256
         data = base64.b64encode(signature)
         self.assertEqual(signature,
                          signature_utils.get_signature(data))
diff --git a/tox.ini b/tox.ini
index b4057954ba..f7b868bb2b 100644
--- a/tox.ini
+++ b/tox.ini
@@ -38,6 +38,7 @@ commands =
     glance.tests.unit.common.test_rpc \
     glance.tests.unit.common.test_scripts \
     glance.tests.unit.common.test_semver \
+    glance.tests.unit.common.test_signature_utils \
     glance.tests.unit.common.test_swift_store_utils \
     glance.tests.unit.common.test_utils \
     glance.tests.unit.common.test_wsgi \