Server Public Cert Rejected


Will Jenkins

Jul 6, 2016, 7:56:40 AM
to simian-...@googlegroups.com
Hello,

I'm trying to switch to using HashiCorp's Vault to manage PKI for Simian.
However, when I try to upload the server's signed public cert I get a 500 error with the below trace in the logs. I have attached the offending test cert.

Please can anyone suggest what I might be doing wrong?

can't concat bytearray to array.array (/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py:1552)
Traceback (most recent call last):
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1535, in __call__
    rv = self.handle_exception(request, response, e)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1529, in __call__
    rv = self.router.dispatch(request, response)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1278, in default_dispatcher
    return route.handler_adapter(request, response)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 1102, in __call__
    return handler.dispatch()
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 572, in dispatch
    return self.handle_exception(e, self.app.debug)
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/simian/mac/admin/__init__.py", line 176, in handle_exception
    super(AdminHandler, self).handle_exception(exception, debug_mode)
  File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/webapp2-2.5.2/webapp2.py", line 570, in dispatch
    return method(*args, **kwargs)
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/simian/mac/admin/config.py", line 94, in post
    self._PemUpload()
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/simian/mac/admin/config.py", line 201, in _PemUpload
    valid_pems = self._GetPems({pem: pem_file})
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/simian/mac/admin/config.py", line 178, in _GetPems
    if not cert.IsSignedBy(ca_cert):
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/simian/auth/x509.py", line 774, in IsSignedBy
    return pk.verify(sig, prefix_bytes + hash_bytes)
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/tlslite/utils/rsakey.py", line 128, in verify
    paddedBytes = self._addPKCS1Padding(bytes, 1)
  File "/base/data/home/apps/s~expmunki/7a67c521280e.393711310026876545/tlslite/utils/rsakey.py", line 257, in _addPKCS1Padding
    paddedBytes = padding + bytes
TypeError: can't concat bytearray to array.array

Thanks,

Will
new_server_public_key.pem

Will Jenkins

Jul 6, 2016, 10:43:43 AM
to simian-...@googlegroups.com
It looks like I can fix the problem by changing this line to this:
return bytearray(s)

I don't understand why this hasn't come up before :/