Fix multiple issues in x509 module and state

Adding a regression test for #49008 and patching the x509 module and
state to make the test pass.

salt/modules/x509.py

@@ -26,6 +26,7 @@ import sys
 import salt.utils.files
 import salt.utils.path
 import salt.utils.stringutils
+import salt.utils.platform
 import salt.exceptions
 from salt.ext import six
 from salt.utils.odict import OrderedDict
@@ -315,12 +316,24 @@ def _dec2hex(decval):
     return _pretty_hex('{0:X}'.format(decval))
 
 
+def _isfile(path):
+    '''
+    A wrapper around os.path.isfile that ignores ValueError exceptions which
+    can be raised if the input to isfile is too long.
+    '''
+    try:
+        return os.path.isfile(path)
+    except ValueError:
+        pass
+    return False
+
+
 def _text_or_file(input_):
     '''
     Determines if input is a path to a file, or a string with the
     content to be parsed.
     '''
-    if os.path.isfile(input_):
+    if _isfile(input_):
         with salt.utils.files.fopen(input_) as fp_:
             return salt.utils.stringutils.to_str(fp_.read())
     else:
@@ -1425,12 +1438,18 @@ def create_certificate(
         kwargs['serial_number'] = _dec2hex(
             random.getrandbits(kwargs['serial_bits']))
     serial_number = int(kwargs['serial_number'].replace(':', ''), 16)
-    # With Python3 we occasionally end up with an INT
-    # that is too large because Python3 no longer supports long INTs.
-    # If we're larger than the maxsize value
-    # then we adjust the serial number.
-    if serial_number > sys.maxsize:
-        serial_number = serial_number - sys.maxsize
+    # With Python3 we occasionally end up with an INT that is greater than a C
+    # long max_value. This causes an overflow error due to a bug in M2Crypto.
+    # See issue: https://gitlab.com/m2crypto/m2crypto/issues/232
+    # Remove this after M2Crypto fixes the bug.
+    if six.PY3:
+        if salt.utils.platform.is_windows():
+            INT_MAX = 2147483647
+            if serial_number >= INT_MAX:
+                serial_number -= int(serial_number / INT_MAX) * INT_MAX
+        else:
+            if serial_number >= sys.maxsize:
+                serial_number -= int(serial_number / sys.maxsize) * sys.maxsize
     cert.set_serial_number(serial_number)
 
     # Set validity dates

salt/states/x509.py

@@ -551,7 +551,7 @@ def certificate_managed(name,
             if not private_ret['result']:
                 return private_ret
 
-    file_args['contents'] += certificate
+    file_args['contents'] += salt.utils.stringutils.to_str(certificate)
 
     if not append_certs:
         append_certs = []

tests/integration/files/file/base/issue-49008.sls

@@ -0,0 +1,18 @@
+/test-ca-49008.crt:
+  x509.certificate_managed:
+    - signing_private_key: /test-ca-49008.key
+    - CN: testy-mctest
+    - basicConstraints: "critical CA:true"
+    - keyUsage: "critical cRLSign, keyCertSign"
+    - subjectKeyIdentifier: hash
+    - authorityKeyIdentifier: keyid,issuer:always
+    - days_valid: 1460
+    - days_remaining: 0
+    - backup: True
+    - watch:
+      - x509: /test-ca-49008.key
+
+/test-ca-49008.key:
+  x509.private_key_managed:
+    - bits: 4096
+    - backup: True

tests/integration/states/test_x509.py

@@ -57,3 +57,11 @@ class x509Test(ModuleCase, SaltReturnAssertsMixin):
         log.warn("ret = %s", repr(ret))
         self.assertSaltTrueReturn(ret)
         self.assertEqual(expected, self.get_cert_lines('/test-49027.crt'))
+
+    @skipIf(not HAS_M2CRYPTO, 'Skip when no M2Crypto found')
+    def test_issue_49008(self):
+        ret = self.run_function('state.sls', ['issue-49008'])
+        log.warn("ret = %s", repr(ret))
+        self.assertSaltTrueReturn(ret)
+        self.assertTrue(os.path.exists('/test-ca-49008.key'))
+        self.assertTrue(os.path.exists('/test-ca-49008.crt'))