Bug#789753: Add Python 3 support to ca-certificates source.

Tue, 23 Jun 2015 22:51:51 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Source: ca-certificates
Version: 20141019
Severity: wishlist
Tags: patch

The attached patch adds support for Python 3.  I have tested it with
multiple Python interpreters (2.7, 3.3, 3.4, PyPy 2.4) and, with this
patch applied, all of them generate the same PEM files that the old
version did on 2.7.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVikL/AAoJEMspy1GSK50UQkEP/37OD3cAJTkJkAjEnarmEudw
VpYzHu6cnlzRremU5M0oUuVSFYkxw2yIwMFtk8JBBenSa4DuQ0XrVIgrhJXR46dV
XiPzazjCUWepp4WcHp0bfSyPqtqONm4g2mf6mTrDNBsReoFPCDQyh4qWJliT8R9h
pU3nvHvDz0BZxRVsAeiIyU64tEwwyiO5pmgQYu3QODSOSSktTR0IIZlPZKg0PjBg
Qt/PpS96dsr4XiI5YzRGnSj09IIDiET9Z7koBiTb5tuPackd+w3+1U9H6rZ1EYH9
tTH/Dk+EfIGisWn/M6BXvvnUBHYccXE1b8kKx6yBHiL61XmCqhgAu3XreM+ezYXe
/wiv8jt/z69Qln9kCGKoz/jwE0GmMP/dzJaQm4kLyXKRdqHtRIxbncHMkvXP0Kxb
0bhzIgy/tWS5I3CCT8LEyq9I9LWhPYmQ6rFKHQraUlVynimO1q0ChQSqRbvp56dn
kNTmusZdTuV7uc245+ZCaZEytuYmmRV2ZdE5ITixdqVVZSjutLswSZoIEE7KvkcV
PXR/kvIaw953pelD9eUua6PwOb97lEL1si3dytE882AcGm1px55SafCfoky8g3vQ
oRwnFrdNU3w7KN4ZyPnvovkzjrFz6c2VnVRqNSVhmUlpfn7j1MNjsqQuw9Nygcvq
+Plm6FRlovXHcC5+f1GK
=vv7F
-----END PGP SIGNATURE-----


From 42ee265a6dc623e7621d694001c2d9b96dcb5d72 Mon Sep 17 00:00:00 2001
From: Andrew Wilcox <awil...@wilcox-tech.com>
Date: Sun, 21 Jun 2015 19:30:59 -0500
Subject: [PATCH] Update certdata2pem.py for Python 3.

Tested and verified working on:
- Python 2.7.10
- Python 3.3.5
- Python 3.4.3
- PyPy 2.4.0

Should work on Python 2.6 as well, but I did not have a machine around
for testing.
---
 mozilla/certdata2pem.py | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index 0482894..ec48ab6 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
             if type == 'MULTILINE_OCTAL':
                 line = line.strip()
                 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
-                    value += chr(int(i.group(1), 8))
+                    value.append(int(i.group(1), 8))
             else:
                 value += line
             continue
@@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'):
         field, type = line_parts
         value = None
     else:
-        raise NotImplementedError, 'line_parts < 2 not supported.'
+        raise NotImplementedError('line_parts < 2 not supported.')
     if type == 'MULTILINE_OCTAL':
         in_multiline = True
-        value = ""
+        value = bytearray()
         continue
     obj[field] = value
-if len(obj.items()) > 0:
+if len(obj) > 0:
     objects.append(obj)
 
 # Read blacklist.
@@ -95,7 +95,7 @@ for obj in objects:
     if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
         continue
     if obj['CKA_LABEL'] in blacklist:
-        print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
+        print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
                                           'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
@@ -104,13 +104,13 @@ for obj in objects:
         trust[obj['CKA_LABEL']] = True
     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
                                           'CKT_NSS_NOT_TRUSTED'):
-        print '!'*74
-        print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
-        print '!'*74
+        print('!'*74)
+        print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
+        print('!'*74)
     else:
-        print "Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
+        print("Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
               (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
-               obj['CKA_TRUST_EMAIL_PROTECTION'])
+               obj['CKA_TRUST_EMAIL_PROTECTION']))
 
 for obj in objects:
     if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
@@ -121,13 +121,19 @@ for obj in objects:
                                       .replace('(', '=')\
                                       .replace(')', '=')\
                                       .replace(',', '_')
-        bname = bname.decode('string_escape')
+
+        # this is the only way to decode the way NSS stores multi-byte UTF-8
+        if bytes != str:
+            bname = bname.encode('utf-8')
+        bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
         fname = bname + '.crt'
+
         if os.path.exists(fname):
-            print "Found duplicate certificate name %s, renaming." % bname
+            print("Found duplicate certificate name %s, renaming." % bname)
             fname = bname + '_2.crt'
         f = open(fname, 'w')
         f.write("-----BEGIN CERTIFICATE-----\n")
-        f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+        encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
+        f.write("\n".join(textwrap.wrap(encoded, 64)))
         f.write("\n-----END CERTIFICATE-----\n")
 
-- 
2.4.3

Attachment: 0x922B9D14.asc
Description: application/pgp-keys

Attachment: 0001-Update-certdata2pem.py-for-Python-3.patch.sig
Description: PGP signature

Attachment: 0x922B9D14.asc.sig
Description: PGP signature

Reply via email to