Do not decode HTTP reason phrase from Dogtag

The HTTP reason phrase sent by Dogtag is assumed to be encoded in UTF-8, but the encoding used by Tomcat is dependent on system locale, causing decode errors in some locales. The reason phrase is optional and will not be sent in a future version of Tomcat[1], so do not bother decoding and returning it. [1] https://github.com/apache/tomcat/commit/707ab1c77f3bc189e1c3f29b641506db4c8bce37 Fixes: https://fedorahosted.org/freeipa/ticket/5578 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Fraser Tweedale <ftweedal@redhat.com> 2016-01-06 14:50:42 +1100
committer: Jan Cholasta <jcholast@redhat.com> 2016-01-13 08:12:30 +0100
commit: fe94222873c4df5118e93cebe7e9d69439266ba0 (patch)
tree: 2f2309492eb0843b744d7034a22b425c183855ea
parent: 6b2b173a4d6b1cd8789e87d0392dd86c980f858a (diff)
download: freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.gz
freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.xz
freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.zip
3 files changed, 36 insertions, 38 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 010e49652..1cb74719c 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -118,14 +118,14 @@ def ca_status(ca_host=None, use_proxy=True):
         ca_port = 443
     else:
         ca_port = 8443
-    status, reason, headers, body = unauthenticated_https_request(
+    status, headers, body = unauthenticated_https_request(
         ca_host, ca_port, '/ca/admin/ca/getStatus')
     if status == 503:
         # Service temporarily unavailable
-        return reason
+        return status
     elif status != 200:
         raise errors.RemoteRetrieveError(
-            reason=_("Retrieving CA status failed: %s") % reason)
+            reason=_("Retrieving CA status failed with status %d") % status)
     return _parse_ca_status(body)
 
 
@@ -136,8 +136,8 @@ def https_request(host, port, url, secdir, password, nickname,
     :param url: The path (not complete URL!) to post to.
     :param body: The request body (encodes kw if None)
     :param kw:  Keyword arguments to encode into POST body.
-    :return:   (http_status, http_reason_phrase, http_headers, http_body)
-               as (integer, unicode, dict, str)
+    :return:   (http_status, http_headers, http_body)
+               as (integer, dict, str)
 
     Perform a client authenticated HTTPS request
     """
@@ -165,8 +165,8 @@ def http_request(host, port, url, **kw):
     """
     :param url: The path (not complete URL!) to post to.
     :param kw: Keyword arguments to encode into POST body.
-    :return:   (http_status, http_reason_phrase, http_headers, http_body)
-                as (integer, unicode, dict, str)
+    :return:   (http_status, http_headers, http_body)
+                as (integer, dict, str)
 
     Perform an HTTP request.
     """
@@ -179,8 +179,8 @@ def unauthenticated_https_request(host, port, url, **kw):
     """
     :param url: The path (not complete URL!) to post to.
     :param kw: Keyword arguments to encode into POST body.
-    :return:   (http_status, http_reason_phrase, http_headers, http_body)
-                as (integer, unicode, dict, str)
+    :return:   (http_status, http_headers, http_body)
+                as (integer, dict, str)
 
     Perform an unauthenticated HTTPS request.
     """
@@ -219,15 +219,14 @@ def _httplib_request(
         res = conn.getresponse()
 
         http_status = res.status
-        http_reason_phrase = unicode(res.reason, 'utf-8')
         http_headers = res.msg.dict
         http_body = res.read()
         conn.close()
     except Exception as e:
         raise NetworkError(uri=uri, error=str(e))
 
-    root_logger.debug('response status %d %s', http_status, http_reason_phrase)
+    root_logger.debug('response status %d',    http_status)
     root_logger.debug('response headers %s',   http_headers)
     root_logger.debug('response body %r',      http_body)
 
-    return http_status, http_reason_phrase, http_headers, http_body
+    return http_status, http_headers, http_body
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 1591362b4..f74b76090 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -403,12 +403,11 @@ class CertDB(object):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_reason_phrase, http_headers, http_body = result
+        http_status, http_headers, http_body = result
 
         if http_status != 200:
             raise CertificateOperationError(
-                error=_('Unable to communicate with CMS (%s)') %
-                    http_reason_phrase)
+                error=_('Unable to communicate with CMS (status %d)') % http_status)
 
         # The result is an XML blob. Pull the certificate out of that
         doc = xml.dom.minidom.parseString(http_body)
@@ -457,7 +456,7 @@ class CertDB(object):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_reason_phrase, http_headers, http_body = result
+        http_status, http_headers, http_body = result
         if http_status != 200:
             raise RuntimeError("Unable to submit cert request")
 
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 1a1172a38..2549aae3d 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1351,8 +1351,8 @@ class ra(rabase.rabase):
         """
         :param url: The URL to post to.
         :param kw: Keyword arguments to encode into POST body.
-        :return:   (http_status, http_reason_phrase, http_headers, http_body)
-                   as (integer, unicode, dict, str)
+        :return:   (http_status, http_headers, http_body)
+                   as (integer, dict, str)
 
         Perform an HTTP request.
         """
@@ -1362,8 +1362,8 @@ class ra(rabase.rabase):
         """
         :param url: The URL to post to.
         :param kw:  Keyword arguments to encode into POST body.
-        :return:   (http_status, http_reason_phrase, http_headers, http_body)
-                   as (integer, unicode, dict, str)
+        :return:   (http_status, http_headers, http_body)
+                   as (integer, dict, str)
 
         Perform an HTTPS request
         """
@@ -1423,7 +1423,7 @@ class ra(rabase.rabase):
         self.debug('%s.check_request_status()', self.fullname)
 
         # Call CMS
-        http_status, http_reason_phrase, http_headers, http_body = \
+        http_status, http_headers, http_body = \
             self._request('/ca/ee/ca/checkRequest',
                           self.env.ca_port,
                           requestId=request_id,
@@ -1432,7 +1432,7 @@ class ra(rabase.rabase):
         # Parse and handle errors
         if http_status != 200:
             self.raise_certificate_operation_error('check_request_status',
-                                                   detail=http_reason_phrase)
+                                                   detail=http_status)
 
         parse_result = self.get_parse_result_xml(http_body, parse_check_request_result_xml)
         request_status = parse_result['request_status']
@@ -1508,7 +1508,7 @@ class ra(rabase.rabase):
         serial_number = int(serial_number, 0)
 
         # Call CMS
-        http_status, http_reason_phrase, http_headers, http_body = \
+        http_status, http_headers, http_body = \
             self._sslget('/ca/agent/ca/displayBySerial',
                          self.env.ca_agent_port,
                          serialNumber=str(serial_number),
@@ -1518,7 +1518,7 @@ class ra(rabase.rabase):
         # Parse and handle errors
         if http_status != 200:
             self.raise_certificate_operation_error('get_certificate',
-                                                   detail=http_reason_phrase)
+                                                   detail=http_status)
 
         parse_result = self.get_parse_result_xml(http_body, parse_display_cert_xml)
         request_status = parse_result['request_status']
@@ -1576,7 +1576,7 @@ class ra(rabase.rabase):
         self.debug('%s.request_certificate()', self.fullname)
 
         # Call CMS
-        http_status, http_reason_phrase, http_headers, http_body = \
+        http_status, http_headers, http_body = \
             self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
                          self.env.ca_ee_port,
                          profileId=profile_id,
@@ -1586,7 +1586,7 @@ class ra(rabase.rabase):
         # Parse and handle errors
         if http_status != 200:
             self.raise_certificate_operation_error('request_certificate',
-                                                   detail=http_reason_phrase)
+                                                   detail=http_status)
 
         parse_result = self.get_parse_result_xml(http_body, parse_profile_submit_result_xml)
         # Note different status return, it's not request_status, it's error_code
@@ -1655,7 +1655,7 @@ class ra(rabase.rabase):
         serial_number = int(serial_number, 0)
 
         # Call CMS
-        http_status, http_reason_phrase, http_headers, http_body = \
+        http_status, http_headers, http_body = \
             self._sslget('/ca/agent/ca/doRevoke',
                          self.env.ca_agent_port,
                          op='revoke',
@@ -1667,7 +1667,7 @@ class ra(rabase.rabase):
         # Parse and handle errors
         if http_status != 200:
             self.raise_certificate_operation_error('revoke_certificate',
-                                                   detail=http_reason_phrase)
+                                                   detail=http_status)
 
         parse_result = self.get_parse_result_xml(http_body, parse_revoke_cert_xml)
         request_status = parse_result['request_status']
@@ -1718,7 +1718,7 @@ class ra(rabase.rabase):
         serial_number = int(serial_number, 0)
 
         # Call CMS
-        http_status, http_reason_phrase, http_headers, http_body = \
+        http_status, http_headers, http_body = \
             self._sslget('/ca/agent/ca/doUnrevoke',
                          self.env.ca_agent_port,
                          serialNumber=str(serial_number),
@@ -1727,7 +1727,7 @@ class ra(rabase.rabase):
         # Parse and handle errors
         if http_status != 200:
             self.raise_certificate_operation_error('take_certificate_off_hold',
-                                                   detail=http_reason_phrase)
+                                                   detail=http_status)
 
 
         parse_result = self.get_parse_result_xml(http_body, parse_unrevoke_cert_xml)
@@ -2030,7 +2030,7 @@ class RestClient(Backend):
         """Log into the REST API"""
         if self.cookie is not None:
             return
-        status, status_text, resp_headers, resp_body = dogtag.https_request(
+        status, resp_headers, resp_body = dogtag.https_request(
             self.ca_host, self.override_port or self.env.ca_agent_port,
             '/ca/rest/account/login',
             self.sec_dir, self.password, self.ipa_certificate_nickname,
@@ -2056,8 +2056,8 @@ class RestClient(Backend):
         """
         :param url: The URL to post to.
         :param kw:  Keyword arguments to encode into POST body.
-        :return:   (http_status, http_reason_phrase, http_headers, http_body)
-                   as (integer, unicode, dict, str)
+        :return:   (http_status, http_headers, http_body)
+                   as (integer, dict, str)
 
         Perform an HTTPS request
         """
@@ -2071,7 +2071,7 @@ class RestClient(Backend):
         resource = os.path.join('/ca/rest', self.path, path)
 
         # perform main request
-        status, status_text, resp_headers, resp_body = dogtag.https_request(
+        status, resp_headers, resp_body = dogtag.https_request(
             self.ca_host, self.override_port or self.env.ca_agent_port,
             resource,
             self.sec_dir, self.password, self.ipa_certificate_nickname,
@@ -2080,10 +2080,10 @@ class RestClient(Backend):
         if status < 200 or status >= 300:
             explanation = self._parse_dogtag_error(resp_body) or ''
             raise errors.RemoteRetrieveError(
-                reason=_('Non-2xx response from CA REST API: %(status)d %(status_text)s. %(explanation)s')
-                % {'status': status, 'status_text': status_text, 'explanation': explanation}
+                reason=_('Non-2xx response from CA REST API: %(status)d. %(explanation)s')
+                % {'status': status, 'explanation': explanation}
             )
-        return (status, status_text, resp_headers, resp_body)
+        return (status, resp_headers, resp_body)
 
 
 class ra_certprofile(RestClient):
@@ -2108,7 +2108,7 @@ class ra_certprofile(RestClient):
         """
         Read the profile configuration from Dogtag
         """
-        status, status_text, resp_headers, resp_body = self._ssldo(
+        status, resp_headers, resp_body = self._ssldo(
             'GET', profile_id + '/raw')
         return resp_body
author	Fraser Tweedale <ftweedal@redhat.com>	2016-01-06 14:50:42 +1100
committer	Jan Cholasta <jcholast@redhat.com>	2016-01-13 08:12:30 +0100
commit	fe94222873c4df5118e93cebe7e9d69439266ba0 (patch)
tree	2f2309492eb0843b744d7034a22b425c183855ea
parent	6b2b173a4d6b1cd8789e87d0392dd86c980f858a (diff)
download	freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.gz freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.tar.xz freeipa-fe94222873c4df5118e93cebe7e9d69439266ba0.zip