Add Python 3 support to ca-certificates.

Thanks to Andrew Wilcox for the patch! Closes: #789753
author: Michael Shuler <michael@pbandjelly.org> 2015-10-22 15:33:15 -0500
committer: Michael Shuler <michael@pbandjelly.org> 2015-10-22 15:33:15 -0500
commit: a2fa9a13815894500e1e2d9ca3d52bfdd4f75b5a (patch)
tree: 1bd445e4b0f2d034db403c3e6e54a9b868260224
parent: d4790d2832aaac9152f450e06661511067592227 (diff)
download: ca-certificates-a2fa9a13815894500e1e2d9ca3d52bfdd4f75b5a.tar.gz
2 files changed, 24 insertions, 15 deletions
diff --git a/debian/changelog b/debian/changelog
index 0494009..5d52e41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,13 @@
-ca-certificates (20150709) UNRELEASED; urgency=medium
+ca-certificates (20151022) UNRELEASED; urgency=medium
 
   * debian/postinst:
     Handle /usr/local/share/ca-certificates permissions and ownership on
     upgrade.  Closes: #611501
   * mozilla/{certdata.txt,nssckbi.h}:
     Update Mozilla certificate authority bundle to version 2.5.
+  * mozilla/certdata2pem.py:
+    Add Python 3 support to ca-certificates.
+    Thanks to Andrew Wilcox for the patch!  Closes: #789753
 TODO: verify adds/removes
     The following certificate authorities were added (+):
     + "Certinomis - Root CA"
@@ -17,7 +20,7 @@ TODO: verify adds/removes
     - "TC TrustCenter Universal CA I"
     - "TURKTRUST Certificate Services Provider Root 1"
 
- -- Michael Shuler <michael@pbandjelly.org>  Thu, 09 Jul 2015 16:02:11 -0500
+ -- Michael Shuler <michael@pbandjelly.org>  Thu, 22 Oct 2015 15:32:23 -0500
 
 ca-certificates (20150426) unstable; urgency=medium
 
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index 0482894..ec48ab6 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
             if type == 'MULTILINE_OCTAL':
                 line = line.strip()
                 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
-                    value += chr(int(i.group(1), 8))
+                    value.append(int(i.group(1), 8))
             else:
                 value += line
             continue
@@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'):
         field, type = line_parts
         value = None
     else:
-        raise NotImplementedError, 'line_parts < 2 not supported.'
+        raise NotImplementedError('line_parts < 2 not supported.')
     if type == 'MULTILINE_OCTAL':
         in_multiline = True
-        value = ""
+        value = bytearray()
         continue
     obj[field] = value
-if len(obj.items()) > 0:
+if len(obj) > 0:
     objects.append(obj)
 
 # Read blacklist.
@@ -95,7 +95,7 @@ for obj in objects:
     if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
         continue
     if obj['CKA_LABEL'] in blacklist:
-        print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
+        print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
                                           'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
@@ -104,13 +104,13 @@ for obj in objects:
         trust[obj['CKA_LABEL']] = True
     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
                                           'CKT_NSS_NOT_TRUSTED'):
-        print '!'*74
-        print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
-        print '!'*74
+        print('!'*74)
+        print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
+        print('!'*74)
     else:
-        print "Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
+        print("Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
               (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
-               obj['CKA_TRUST_EMAIL_PROTECTION'])
+               obj['CKA_TRUST_EMAIL_PROTECTION']))
 
 for obj in objects:
     if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
@@ -121,13 +121,19 @@ for obj in objects:
                                       .replace('(', '=')\
                                       .replace(')', '=')\
                                       .replace(',', '_')
-        bname = bname.decode('string_escape')
+
+        # this is the only way to decode the way NSS stores multi-byte UTF-8
+        if bytes != str:
+            bname = bname.encode('utf-8')
+        bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
         fname = bname + '.crt'
+
         if os.path.exists(fname):
-            print "Found duplicate certificate name %s, renaming." % bname
+            print("Found duplicate certificate name %s, renaming." % bname)
             fname = bname + '_2.crt'
         f = open(fname, 'w')
         f.write("-----BEGIN CERTIFICATE-----\n")
-        f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+        encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
+        f.write("\n".join(textwrap.wrap(encoded, 64)))
         f.write("\n-----END CERTIFICATE-----\n")
author	Michael Shuler <michael@pbandjelly.org>	2015-10-22 15:33:15 -0500
committer	Michael Shuler <michael@pbandjelly.org>	2015-10-22 15:33:15 -0500
commit	a2fa9a13815894500e1e2d9ca3d52bfdd4f75b5a (patch)
tree	1bd445e4b0f2d034db403c3e6e54a9b868260224
parent	d4790d2832aaac9152f450e06661511067592227 (diff)
download	ca-certificates-a2fa9a13815894500e1e2d9ca3d52bfdd4f75b5a.tar.gz