Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1094492

Summary:	consumer cert does not appear to accept a consumer name greater than 251 chars
Product:	[Community] Candlepin (Migrated to Jira)	Reporter:	John Sefler <jsefler>
Component:	candlepin	Assignee:	William Poteat <wpoteat>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Katello QA List <katello-qa-list>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	0.9	CC:	bkearney, wpoteat
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2014-09-29 17:49:32 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1039651

Description John Sefler 2014-05-05 19:54:24 UTC

Description of problem:
I suspect candlepin commit a0db7c35f8d7ee71daeabaf39788b3f47206e0e0 recently relaxed a restriction on the length of consumer names from 250 chars to the database column width of 255 chars.  Prior to this commit, requesting a 250 character consumer name would throw an error as implemented in https://bugzilla.redhat.com/show_bug.cgi?id=672233#c1

Now that setting a 255 char name is allowed, the rct cat-cert tool fails to show the consumer name when it exceeds 251 chars.


Version-Release number of selected component (if applicable):
[root@jsefler-5 ~]# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 0.9.9-1
subscription-manager: 1.11.3-2.el5
python-rhsm: 1.11.3-2.el5


How reproducible:


Steps to Reproduce:

_______________________________________________________
TEST 1: a 250 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="250_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" --force
The system with UUID 79a50ab8-cf24-415b-898a-2e538944c7e7 has been unregistered
The system has been registered with ID: eb9fa793-cd64-4887-b668-8e7269a4efd0 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem 

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 7173473220462160287
	Start Date: 2014-05-05 19:36:20+00:00
	End Date: 2030-05-05 19:36:20+00:00
	Alt Name: DirName:/CN=250_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

Subject:
	CN: eb9fa793-cd64-4887-b668-8e7269a4efd0

Issuer:
	C: US
	CN: jsefler-f14-7candlepin.usersys.redhat.com
	L: Raleigh


TEST 1: PASS 
_______________________________________________________


TEST 2: a 251 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="251_characters_67890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901" --force
The system with UUID eb9fa793-cd64-4887-b668-8e7269a4efd0 has been unregistered
The system has been registered with ID: ec26f099-eb32-47e7-9597-39d953703e56 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem 

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 6510519492149000683
	Start Date: 2014-05-05 19:37:48+00:00
	End Date: 2030-05-05 19:37:48+00:00
	Alt Name: DirName:/CN=251_characters_67890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901

Subject:
	CN: ec26f099-eb32-47e7-9597-39d953703e56

Issuer:
	C: US
	CN: jsefler-f14-7candlepin.usersys.redhat.com
	L: Raleigh

TEST 2: PASS
_______________________________________________________


TEST 3: a 252 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="252_characters_678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012" --force
The system with UUID ec26f099-eb32-47e7-9597-39d953703e56 has been unregistered
The system has been registered with ID: e10ef2c5-f98b-4ade-9242-dd562e502060 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem 

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 5250732748612138698
	Start Date: 2014-05-05 19:39:45+00:00
	End Date: 2030-05-05 19:39:45+00:00
	Alt Name: DirName:

Subject:
	CN: e10ef2c5-f98b-4ade-9242-dd562e502060

Issuer:
	C: US
	CN: jsefler-f14-7candlepin.usersys.redhat.com
	L: Raleigh

TEST 3: FAIL The CN common name for the consumer is NOT getting set in the consumer cert.




Additional Info:
The 252 char consumer name also fails to appear when using "openssl x509 -text -in /etc/pki/consumer/cert.pem", therefore the bug is in candlepin and not in rct cat-cert.

Comment 1 William Poteat 2014-05-12 11:39:13 UTC

Subscription Manager commit: ca644b34704ad537611f71de219c8d921c783219
Python-RHSM commit: 2f38ded7054315fce8e6ec7c05a563471a5afbd1
Candlepin commit: 269f3d7eaa59ade00934a7d7bdc24421e210a0c8

Comment 2 John Sefler 2014-06-23 21:54:23 UTC

Verifying Version...
[root@jsefler-5 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: 0.9.19-1
subscription-manager: 1.11.3-6.el5
python-rhsm: 1.11.3-3.el5



_______________________________________________________

TEST 1: a 250 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="250_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" --force
The system has been registered with ID: 0d11da54-fce3-43c7-b41f-452f855bcb8f 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 7665287880283900990
	Start Date: 2014-06-23 21:44:12+00:00
	End Date: 2030-06-23 21:44:12+00:00
	Alt Name: URI:CN=250_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

Subject:
	CN: 0d11da54-fce3-43c7-b41f-452f855bcb8f

TEST 1: PASS 

_______________________________________________________

TEST 2: a 251 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="251_characters_67890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901" --force
The system with UUID 0d11da54-fce3-43c7-b41f-452f855bcb8f has been unregistered
The system has been registered with ID: bdd69884-fe68-47e8-8ec1-ada3b7e9bbd7 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 6854968719467044827
	Start Date: 2014-06-23 21:45:25+00:00
	End Date: 2030-06-23 21:45:25+00:00
	Alt Name: URI:CN=251_characters_67890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901

Subject:
	CN: bdd69884-fe68-47e8-8ec1-ada3b7e9bbd7

Issuer:
	C: US
	CN: jsefler-f14-candlepin.usersys.redhat.com
	L: Raleigh

TEST 2: PASS

_______________________________________________________

TEST 3: a 252 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="252_characters_678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012" --force
The system with UUID bdd69884-fe68-47e8-8ec1-ada3b7e9bbd7 has been unregistered
The system has been registered with ID: a215df6b-76ab-4754-9afc-7a4db37f9d36 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 8464139013862761973
	Start Date: 2014-06-23 21:46:26+00:00
	End Date: 2030-06-23 21:46:26+00:00
	Alt Name: URI:CN=252_characters_678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012

Subject:
	CN: a215df6b-76ab-4754-9afc-7a4db37f9d36

Issuer:
	C: US
	CN: jsefler-f14-candlepin.usersys.redhat.com
	L: Raleigh

TEST 3: PASS

_______________________________________________________

TEST 4: a 255 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="252_characters_678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345" --force
The system with UUID a215df6b-76ab-4754-9afc-7a4db37f9d36 has been unregistered
The system has been registered with ID: aa7bc909-3ebd-4fc8-b82b-37f1b0c32477 
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem

+-------------------------------------------+
	Identity Certificate
+-------------------------------------------+

Certificate:
	Path: /etc/pki/consumer/cert.pem
	Version: 1.0
	Serial: 709460975977762888
	Start Date: 2014-06-23 21:49:54+00:00
	End Date: 2030-06-23 21:49:54+00:00
	Alt Name: URI:CN=252_characters_678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345

Subject:
	CN: aa7bc909-3ebd-4fc8-b82b-37f1b0c32477

Issuer:
	C: US
	CN: jsefler-f14-candlepin.usersys.redhat.com
	L: Raleigh

TEST 4: PASS

_______________________________________________________

TEST 5: a 256 character consumer name

[root@jsefler-5 ~]# subscription-manager register --username=testuser1 --password=password --org=admin --name="252_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456" --force
The system with UUID aa7bc909-3ebd-4fc8-b82b-37f1b0c32477 has been unregistered
Problem creating unit Consumer [id = 8a9087e346a9d1120146cab6087150d5, type = ConsumerType [id=1000, label=system], getName() = 252_characters_6789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456]
[root@jsefler-5 ~]# rct cat-cert /etc/pki/consumer/cert.pem
The specified certificate file does not exist.
[root@jsefler-5 ~]# 

TEST 5: PASS - 256 character consumer name attempt exceeded the new limit; the registration failure is handled gracefully.

_______________________________________________________


Moving to VERIFIED

Comment 3 Bryan Kearney 2014-09-29 17:49:32 UTC

Cleaning up old bugs. These were verified but never closed.

Comment 4 John Sefler 2017-01-12 17:33:26 UTC

FYI: The stdout response from Test 5 in verification comment 2 will be improved by Bug 1371009 - Need clearer error message when register with system name exceeding max characters.