From 74455d80575aa174db0217c5eae905eacab42d78 Mon Sep 17 00:00:00 2001
From: Tin Lam <tin@irrational.io>
Date: Thu, 5 Oct 2017 21:47:30 -0500
Subject: [PATCH] Fix py3 byte/string error

This patch set corrects a problem when the keystonemiddleware is
executed with memcache encryption enabled.  Currently, the
hmac.new() calls throw exceptions in python3 due to how py2 and py3
handles string vs. byte/bytearray.

Co-Authored-By: Rohan Arora <ra271w@att.com>

Closes-Bug: #1713574
Change-Id: I9bb291be48a094b9f266a8459a3f51ee163d33a3
---
 keystonemiddleware/auth_token/_memcache_crypt.py | 16 ++++++++++++++++
 .../tests/unit/auth_token/test_memcache_crypt.py |  2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/keystonemiddleware/auth_token/_memcache_crypt.py b/keystonemiddleware/auth_token/_memcache_crypt.py
index 554d0201..4539b497 100644
--- a/keystonemiddleware/auth_token/_memcache_crypt.py
+++ b/keystonemiddleware/auth_token/_memcache_crypt.py
@@ -33,6 +33,7 @@ import hashlib
 import hmac
 import math
 import os
+import six
 
 from keystonemiddleware.i18n import _
 from oslo_utils import secretutils
@@ -98,6 +99,15 @@ def derive_keys(token, secret, strategy):
     This approach is faster than computing a separate hmac as the KDF
     for each desired key.
     """
+    if not isinstance(secret, six.binary_type):
+        secret = secret.encode()
+
+    if not isinstance(token, six.binary_type):
+        token = token.encode()
+
+    if not isinstance(strategy, six.binary_type):
+        strategy = strategy.encode()
+
     digest = hmac.new(secret, token + strategy, HASH_FUNCTION).digest()
     return {'CACHE_KEY': digest[:DIGEST_SPLIT],
             'MAC': digest[DIGEST_SPLIT: 2 * DIGEST_SPLIT],
@@ -107,6 +117,12 @@ def derive_keys(token, secret, strategy):
 
 def sign_data(key, data):
     """Sign the data using the defined function and the derived key."""
+    if not isinstance(key, six.binary_type):
+        key = key.encode()
+
+    if not isinstance(data, six.binary_type):
+        data = data.encode()
+
     mac = hmac.new(key, data, HASH_FUNCTION).digest()
     return base64.b64encode(mac)
 
diff --git a/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py b/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py
index 74fc38c5..2c2c2725 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_memcache_crypt.py
@@ -18,7 +18,7 @@ from keystonemiddleware.tests.unit import utils
 
 class MemcacheCryptPositiveTests(utils.BaseTestCase):
     def _setup_keys(self, strategy):
-        return memcache_crypt.derive_keys(b'token', b'secret', strategy)
+        return memcache_crypt.derive_keys('token', 'secret', strategy)
 
     def test_derive_keys(self):
         keys = self._setup_keys(b'strategy')