From 8246ebdd2b40e9988b0de450db4df95fe12d2390 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 25 Apr 2018 14:21:12 -0400
Subject: [PATCH] Fix invite process and unicode
Unicode strings do not fit with our world view, make them bytes.
---
 .../confluent/collective/invites.py | 4 +++-
 .../confluent/collective/manager.py | 20 +++++++++----------
 confluent_server/confluent/sockapi.py | 2 +-
 3 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/confluent_server/confluent/collective/invites.py b/confluent_server/confluent/collective/invites.py
index 7945ee6d..ec1b1532 100644
--- a/confluent_server/confluent/collective/invites.py
+++ b/confluent_server/confluent/collective/invites.py
@@ -23,9 +23,10 @@ import os
 pending_invites = {}
 def create_server_invitation(servername):
+ servername = servername.encode('utf-8')
 invitation = os.urandom(66)
 pending_invites[servername] = invitation
- return base64.b64encode(servername + '@' + invitation)
+ return base64.b64encode(servername + b'@' + invitation)
 def create_client_proof(invitation, mycert, peercert):
 return hmac.new(invitation, peercert + mycert, hashlib.sha256).digest()
@@ -36,6 +37,7 @@ def check_server_proof(invitation, mycert, peercert, proof):
 return proof == validproof
 def check_client_proof(servername, mycert, peercert, proof):
+ servername = servername.encode('utf-8')
 invitation = pending_invites[servername]
 validproof = hmac.new(invitation, mycert + peercert, hashlib.sha256
 ).digest()
diff --git a/confluent_server/confluent/collective/manager.py b/confluent_server/confluent/collective/manager.py
index 1b64bc3f..b61b51d2 100644
--- a/confluent_server/confluent/collective/manager.py
+++ b/confluent_server/confluent/collective/manager.py
@@ -15,7 +15,7 @@
 # limitations under the License.
 import base64
-import confluent.swarm.invites as invites
+import confluent.collective.invites as invites
 import confluent.tlvdata as tlvdata
 import confluent.util as util
 import eventlet.green.socket as socket
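Review bot: The new framing `servername + b'@' + invitation` in create_server_invitation uses a delimiter that the 66 bytes from os.urandom can themselves contain (0x40), and the consumer in the manager.py join hunk still does `name, invitation = invitation.split('@')`, which unpacks into exactly two values and so raises ValueError whenever the random part holds an '@' (roughly one invitation in four), and under Python 3 raises TypeError for splitting bytes with a str. The minimal fix is on the consumer side, `name, invitation = invitation.split(b'@', 1)`, which also makes explicit that a server name must not contain '@'; slicing the fixed-length tail with `invitation[-66:]` would avoid the delimiter entirely. Separately, `pending_invites[servername] = invitation` silently replaces any earlier invitation for the same name and nothing visible ever removes entries, so a comment stating where an invitation is consumed or expires (that code is outside this hunk, if it exists) would help the next reader.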
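Review bot: In check_client_proof, `invitation = pending_invites[servername]` raises KeyError for a name with no outstanding invitation, so a peer sending an unknown name through the joinchallenge hunk of manager.py produces a traceback instead of the `if not myrsp` rejection path; `invitation = pending_invites.get(servername)` followed by `if invitation is None:` / `return None` keeps the failure on the falsy path (the rest of the function, including its mismatch return value, is outside this hunk). The entry is read but not removed here, and if nothing later in the function pops it the same invitation remains usable for repeated joinchallenge attempts. The unchanged `return proof == validproof` in check_server_proof just above compares HMAC digests with `==`; `hmac.compare_digest(proof, validproof)` is the constant-time form, and the matching comparison presumably made later in check_client_proof should use it too.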
@@ -26,25 +26,25 @@ except ImportError:
 # while not always required, we use pyopenssl required for at least collective
 crypto = None
-swarmcerts = {}
+collcerts = {}
-def handle_connection(connection, cert, swarmrequest, local=False):
- operation = swarmrequest['operation']
+def handle_connection(connection, cert, request, local=False):
+ operation = request['operation']
 if cert:
 cert = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
 else:
 if not local:
 return
 if 'invite' == operation:
- name = swarmrequest['invite']['name']
+ name = request['name']
 invitation = invites.create_server_invitation(name)
 tlvdata.send(connection, {'collective': {'invitation': invitation}})
 if 'join' == operation:
- invitation = swarmrequest['invitation']
+ invitation = request['invitation']
 invitation = base64.b64decode(invitation)
 name, invitation = invitation.split('@')
- host = swarmrequest['server']
+ host = request['server']
 remote = socket.create_connection((host, 13001))
 # This isn't what it looks like. We do CERT_NONE to disable
 # openssl verification, but then use the invitation as a
@@ -69,14 +69,14 @@ def handle_connection(connection, cert, swarmrequest, local=False):
 return
 if 'joinchallenge' == operation:
 mycert = util.get_certificate_from_file('/etc/confluent/srvcert.pem')
- proof = base64.b64decode(swarmrequest['hmac'])
- myrsp = invites.check_client_proof(swarmrequest['name'], mycert,
+ proof = base64.b64decode(request['hmac'])
+ myrsp = invites.check_client_proof(request['name'], mycert,
 cert, proof)
 if not myrsp:
 connection.close()
 return
 myrsp = base64.b64encode(myrsp)
- swarmcerts[swarmrequest['name']] = cert
+ collcerts[request['name']] = cert
 tlvdata.send(connection, {'collective': {'approval': myrsp}})
 clientready = tlvdata.recv(connection)
 print(repr(clientready))
diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index 044c371b..c76f50b2 100644
--- a/confluent_server/confluent/sockapi.py
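Review bot: `print(repr(clientready))` at the end of the joinchallenge hunk is a leftover debug print that writes the peer's raw message to stdout on every join; drop it or route it through the server's logging at debug level. `proof = base64.b64decode(request['hmac'])` on the new side raises binascii.Error (TypeError on Python 2) for a malformed value from the peer, so it should take the same close-and-return path as the `if not myrsp` check instead of propagating, e.g. `try:` / `proof = base64.b64decode(request['hmac'])` / `except (TypeError, binascii.Error):` followed by the existing `connection.close()` and `return`. handle_connection continues past the end of this hunk.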
+++ b/confluent_server/confluent/sockapi.py
@@ -135,7 +135,7 @@ def sessionhdl(connection, authname, skipauth=False, cert=None):
 send_data(connection, {'authpassed': 1})
 request = tlvdata.recv(connection)
 if 'collective' in request and skipauth:
- collective.handle_connection(connection, None, request['collective'],
+ return collective.handle_connection(connection, None, request['collective'],
 local=True)
 while request is not None:
 try:
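Review bot: `return collective.handle_connection(...)` propagates a value that, on every path visible in the manager.py hunks, is a bare `return` (None), so the new line is effectively a plain `return` that ends the session after one collective request; a comment such as `# collective requests are single-shot: handle it and end the session` would keep a reader from looking for a meaningful return value. It is also worth stating in that comment that this branch runs only with `skipauth` set, reaches handle_connection with cert=None and local=True, and relies on handle_connection's own `if not local: return` gate. sessionhdl continues past the hunk, and the handlers of the `try:` that follows are not visible here.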