Bug 2297301

Summary: Incorrectly url encoded 'Authorized Content Url' in SCA certificates
Product: [Community] Candlepin Reporter: Nikos Moumoulidis <nmoumoul>
Component: candlepinAssignee: Josh Albrecht <jalbrech>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.4CC: chris, redakkan, tobias.reineck
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: candlepin-4.4.12-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-07-26 10:10:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikos Moumoulidis 2024-07-11 12:20:33 UTC 
Description of problem:
SCA certificates for systems that belong to an environment with a slash in their name, have their 'Authorized Content Url' section incorrectly url-encoded; slashes from the environment name should never be urlencoded.

Version-Release number of selected component (if applicable):
from candlepin-4.4.3-1 onwards

How reproducible:
100%

Steps to Reproduce:
1. Create an environment in candlepin under an org (e.g. 'myorg'), with a name that has a slash in it, such as 'myenv/123' (in Satellite terminology this would just be an Environment with a normal name, plus a Content View under it with a normal name, so 'myenvironment' and 'mycontentview'),.
2. Promote some content in this environment.
3. Register a system to the org and environment.
4. Inspect the SCA certificate on the system: rct cat-cert /etc/pki/entitlements/<cert_serial>.pem

Actual results:
The 'Authorized Content URLs:' section contains:
	/myorg/myenv%2F123'

Expected results:
The 'Authorized Content URLs:' section contains:
	/myorg/myenv/123'

Additional info:

Due to this issue, pulp will reject access to the content from that org+environment+contentview namespace when presenting the affected SCA certificate.