caucase.{client,wsgi}: Explicitly encode/decode request & response body.

Also, encode/decode json in utf-8, not ascii, as per standard.

caucase.{client,wsgi}: Explicitly encode/decode request & response body.
Also, encode/decode json in utf-8, not ascii, as per standard.
fd954e77 · Vincent Pelletier · 80599d28 · fd954e77 · fd954e77
Commit fd954e77 authored Jun 25, 2020 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 12 deletions

caucase/client.py caucase/client.py +7 -5

caucase/wsgi.py caucase/wsgi.py +10 -7

No files found.
--- a/caucase/client.py
+++ b/caucase/client.py
@@ -199,7 +199,7 @@ class CaucaseClient(object):
    """
    [AUTHENTICATED] Retrieve all pending CSRs.
    """
-    return json.loads(self._https('GET', '/csr'))
+    return json.loads(self._https('GET', '/csr').decode('utf-8'))
  def createCertificateSigningRequest(self, csr):
    """
@@ -245,7 +245,9 @@ class CaucaseClient(object):
      key=lambda x: x.not_valid_before,
    )[-1]
    result = []
-    for entry in json.loads(self._getCertificate('/ca.crt.json')):
+    for entry in json.loads(
+      self._getCertificate('/ca.crt.json').decode('utf-8'),
+    ):
      try:
        payload = utils.unwrap(
          entry,
@@ -298,7 +300,7 @@ class CaucaseClient(object):
            old_key,
            utils.DEFAULT_DIGEST,
          ),
-        ),
+        ).encode('utf-8'),
        {'Content-Type': 'application/json'},
      ),
    )
@@ -327,7 +329,7 @@ class CaucaseClient(object):
    method(
      'PUT',
      '/crt/revoke',
-      json.dumps(data),
+      json.dumps(data).encode('utf-8'),
      {'Content-Type': 'application/json'},
    )
@@ -342,7 +344,7 @@ class CaucaseClient(object):
    self._https(
      'PUT',
      '/crt/revoke',
-      json.dumps(utils.nullWrap({'revoke_serial': serial})),
+      json.dumps(utils.nullWrap({'revoke_serial': serial})).encode('utf-8'),
      {'Content-Type': 'application/json'},
    )

--- a/caucase/wsgi.py
+++ b/caucase/wsgi.py
@@ -673,8 +673,8 @@ class Application(object):
      raise BadRequest(b'Bad Content-Type')
    data = self._read(environ)
    try:
-      return json.loads(data)
+      return json.loads(data.decode('utf-8'))
-    except ValueError:
+    except (ValueError, UnicodeDecodeError):
      raise BadRequest(b'Invalid json')
  def _createCORSCookie(self, environ, value):
@@ -874,7 +874,7 @@ class Application(object):
            assert name not in hal_section_dict, name
            hal_section_dict[name] = descriptor_dict
    return self._returnFile(
-      utils.toBytes(json.dumps(hal)),
+      json.dumps(hal).encode('utf-8'),
      'application/hal+json',
    )
@@ -921,12 +921,15 @@ class Application(object):
    if environ.get('CONTENT_TYPE') != 'application/x-www-form-urlencoded':
      raise BadRequest(b'Unhandled Content-Type')
    try:
-      form_dict = parse_qs(self._read(environ), strict_parsing=True)
+      form_dict = parse_qs(
+        self._read(environ).decode('ascii'),
+        strict_parsing=True,
+      )
      origin, = form_dict['origin']
      return_to, = form_dict['return_to']
      grant, = form_dict['grant']
      grant = bool(int(grant))
-    except (KeyError, ValueError, TypeError):
+    except (KeyError, ValueError, TypeError, UnicodeDecodeError):
      raise BadRequest
    try:
      origin_control_dict = json.loads(
@@ -978,7 +981,7 @@ class Application(object):
    header_list = []
    self._authenticate(environ, header_list)
    return self._returnFile(
-      utils.toBytes(json.dumps(context.getCertificateRequestList())),
+      json.dumps(context.getCertificateRequestList()).encode('utf-8'),
      'application/json',
      header_list,
    )
@@ -1030,7 +1033,7 @@ class Application(object):
    Handle GET /{context}/crt/ca.crt.json urls.
    """
    return self._returnFile(
-      utils.toBytes(json.dumps(context.getValidCACertificateChain())),
+      json.dumps(context.getValidCACertificateChain()).encode('utf-8'),
      'application/json',
    )