Replace legacy Python base64 invocations with Py3-safe code

Replace deprecated decodestring() and encodestring() with b64decode()
and b64encode().

Provice specialized encode_cert() / decode_cert() functions to handle
base64 encoding and decoding for X.509 certs in JSON strings. In Python
3 the base64 function don't suppor ASCII text, just ASCII bytes.

3 files changed, 42 insertions, 11 deletions

diff --git a/base/common/python/pki/encoder.py b/base/common/python/pki/encoder.py
index bf5d2e473..f83060103 100644
--- a/base/common/python/pki/encoder.py
+++ b/base/common/python/pki/encoder.py
@@ -1,11 +1,41 @@
 from __future__ import absolute_import
+
+import base64
 import json
+
+import six
 from six import iteritems, itervalues
 
 TYPES = {}
 NOTYPES = {}
 
 
+def encode_cert(data):
+    """base64 encode X.509 certificate
+
+    Python 3's base64.b64encode() doesn't support ASCII text.
+
+    :param data: data as bytes or ASCII text
+    :type data: str, bytes
+    :rtype: bytes
+    """
+    if isinstance(data, six.text_type):
+        data = data.encode('ascii')
+    return base64.b64encode(data)
+
+
+def decode_cert(data):
+    """base64 decode X.509 certificate
+
+    :param data: data as bytes or ASCII text
+    :type data: str, bytes
+    :rtype: bytes
+    """
+    if isinstance(data, six.text_type):
+        data = data.encode('ascii')
+    return base64.b64decode(data)
+
+
 class CustomTypeEncoder(json.JSONEncoder):
     """
     A custom JSONEncoder class that knows how to encode core custom
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index 1204be54a..4a6f50bdd 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -89,9 +89,9 @@ class Key(object):
 
     def __init__(self, key_data):
         """ Constructor """
-        self.encrypted_data = base64.decodestring(
+        self.encrypted_data = base64.b64decode(
             key_data.wrapped_private_data)
-        self.nonce_data = base64.decodestring(key_data.nonce_data)
+        self.nonce_data = base64.b64decode(key_data.nonce_data)
         self.algorithm = key_data.algorithm
         self.size = key_data.size
 
@@ -133,7 +133,7 @@ class KeyInfo(object):
             else:
                 setattr(key_info, k, v)
         if key_info.public_key is not None:
-            key_info.public_key = base64.decodestring(key_info.public_key)
+            key_info.public_key = encoder.decode_cert(key_info.public_key)
         return key_info
 
     def get_key_id(self):
@@ -584,7 +584,7 @@ class KeyClient(object):
             raise TypeError("Must specify Client Key ID")
 
         if trans_wrapped_session_key is not None:
-            twsk = base64.encodestring(trans_wrapped_session_key)
+            twsk = base64.b64encode(trans_wrapped_session_key)
             # noinspection PyUnusedLocal
             request = SymKeyGenerationRequest(
                 client_key_id=client_key_id,
@@ -764,9 +764,9 @@ class KeyClient(object):
         if not nonce_iv:
             raise TypeError('Missing nonce IV')
 
-        data = base64.encodestring(encrypted_data)
-        twsk = base64.encodestring(wrapped_session_key)
-        symkey_params = base64.encodestring(nonce_iv)
+        data = base64.b64encode(encrypted_data)
+        twsk = base64.b64encode(wrapped_session_key)
+        symkey_params = base64.b64encode(nonce_iv)
 
         request = KeyArchivalRequest(client_key_id=client_key_id,
                                      data_type=data_type,
@@ -806,7 +806,7 @@ class KeyClient(object):
         if pki_archive_options is None:
             raise TypeError("No data provided to be archived")
 
-        data = base64.encodestring(pki_archive_options)
+        data = base64.b64encode(pki_archive_options)
         request = KeyArchivalRequest(client_key_id=client_key_id,
                                      data_type=data_type,
                                      pki_archive_options=data,
@@ -915,7 +915,7 @@ class KeyClient(object):
         request = KeyRecoveryRequest(
             key_id=key_id,
             request_id=request_id,
-            trans_wrapped_session_key=base64.encodestring(
+            trans_wrapped_session_key=base64.b64encode(
                 trans_wrapped_session_key))
 
         key = self.retrieve_key_data(request)
diff --git a/base/common/python/pki/systemcert.py b/base/common/python/pki/systemcert.py
index 4adc2f18e..199838b9e 100644
--- a/base/common/python/pki/systemcert.py
+++ b/base/common/python/pki/systemcert.py
@@ -22,9 +22,10 @@
 Module containing the Python client classes for the SystemCert REST API
 """
 from __future__ import absolute_import
-import base64
+
 import pki
 from pki.cert import CertData
+from pki.encoder import decode_cert
 
 
 class SystemCertClient(object):
@@ -55,6 +56,6 @@ class SystemCertClient(object):
 
         pem = cert_data.encoded
         b64 = pem[len(pki.CERT_HEADER):len(pem) - len(pki.CERT_FOOTER)]
-        cert_data.binary = base64.decodestring(b64)
+        cert_data.binary = decode_cert(b64)
 
         return cert_data