Bug 1309828

Summary: python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test")
Product: Red Hat Enterprise Linux 7 Reporter: stas-fomin <stas-fomin>
Component: python-rhsmAssignee: Kevin Howell <khowell>
Status: CLOSED WONTFIX QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: low    
Version: 7.2CC: bcourt, jmolet, khowell
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-22 15:21:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description stas-fomin@yandex.ru 2016-02-18 19:06:22 UTC 
Description of problem:

python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test"). That is 
"/test" — not OK
"/content/test" — OK


Version-Release number of selected component (if applicable):
python-rhsm (1.17.1)

How reproducible:

See example to reproduce: 
https://github.com/belonesox/certificates-wtf/blob/master/certparse.py

Run certparse.py:

Steps to Reproduce:

 File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 558, in check_path                                        
    return self._path_tree.match_path(path)                                                                                      
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 526, in _path_tree                                        
    self._path_tree_object = PathTree(data)                                                                                      
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 63, in __init__                                               
    path_dict, path_leaves, word_dict, bitstream)                                                                                
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 252, in _generate_path_tree                                   
    value.setdefault(word, []).append(path_node.value)                                                                           
AttributeError: 'NoneType' object has no attribute 'value'    


Actual results:

AttributeError: 'NoneType' object has no attribute 'value'    


Expected results:

cert.check_path() does not raise exception, and creates internal path structures.
Comment 2 Barnaby Court 2016-02-18 20:33:43 UTC 
as a work around always use paths that are more than 1 level deep.
Comment 3 J.C. Molet 2016-08-30 15:06:25 UTC 
Hello!  I'm a tester trying to determine the extent of this bug.  I was wondering how you created that certificate in the first place?  None of the end user tools (satellite mainly) allow me to create custom content with a path depth of 1, its always 3 or more deep when creating custom content.  Your reproducer is super helpful, however any pointers on how you got that certificate would help cover our edge cases.
Comment 4 stas-fomin@yandex.ru 2016-08-30 16:26:05 UTC 
I generated client certificates by CandlePin.
(sample of such cert on https://github.com/belonesox/certificates-wtf/blob/master/certparse.py )
Comment 5 Kevin Howell 2016-09-22 15:21:42 UTC 
I spent some time looking into this, and verified that this does appear to be an edge case in the parser for certv3 in python at least. I also tried to load the content list data into one of our candlepin test cases, and it also caused an exception (though I'm not completely convinced I had the test case set up correctly). Given that there are no practical use cases that candlepin devs are aware of, this is a limitation we are probably going to leave as-is. That being said, if there are use cases that are important to you and/or you can provide more context (use case(s) and sample calls/data used to generate the cert in candlepin would be helpful), then please feel free to reopen this bug.

More context in case we revisit: I got as far as determining that the huffman code implementation we use in Python does not assign codes when the tree only has two nodes (see https://github.com/candlepin/python-rhsm/blob/c9ea6a870e789018029ac29a90f799ae238f1ea8/src/rhsm/huffman.py#L85), and I suspect this causes issues.