Bug 1309828 - python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test")
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-rhsm
Version: 7.2
Hardware: All
OS: All
Priority: low
Severity: low
Target Milestone: rc
Assignee: Kevin Howell
QA Contact: John Sefler
Reported: 2016-02-18 19:06 UTC by stas-fomin@yandex.ru
Modified: 2016-09-22 15:21 UTC (History)
Doc Type: Bug Fix
Last Closed: 2016-09-22 15:21:42 UTC

Description stas-fomin@yandex.ru 2016-02-18 19:06:22 UTC
Description of problem:

python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test"). That is 
"/test" — not OK
"/content/test" — OK


Version-Release number of selected component (if applicable):
python-rhsm (1.17.1)

How reproducible:

See example to reproduce: 
https://github.com/belonesox/certificates-wtf/blob/master/certparse.py

Run certparse.py:

Steps to Reproduce:

  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 558, in check_path
    return self._path_tree.match_path(path)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 526, in _path_tree
    self._path_tree_object = PathTree(data)
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 63, in __init__
    path_dict, path_leaves, word_dict, bitstream)
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 252, in _generate_path_tree
    value.setdefault(word, []).append(path_node.value)
AttributeError: 'NoneType' object has no attribute 'value'


Actual results:

AttributeError: 'NoneType' object has no attribute 'value'    


Expected results:

cert.check_path() does not raise exception, and creates internal path structures.

Comment 2 Barnaby Court 2016-02-18 20:33:43 UTC
As a workaround, always use paths that are more than 1 level deep.

Comment 3 J.C. Molet 2016-08-30 15:06:25 UTC
Hello! I'm a tester trying to determine the extent of this bug. I was wondering how you created that certificate in the first place? None of the end user tools (satellite mainly) allow me to create custom content with a path depth of 1; it's always 3 or more deep when creating custom content. Your reproducer is super helpful; however, any pointers on how you got that certificate would help cover our edge cases.

Comment 4 stas-fomin@yandex.ru 2016-08-30 16:26:05 UTC
I generated client certificates with Candlepin.
(A sample of such a cert is at https://github.com/belonesox/certificates-wtf/blob/master/certparse.py)

Comment 5 Kevin Howell 2016-09-22 15:21:42 UTC
I spent some time looking into this, and verified that this does appear to be an edge case in the parser for certv3 in python at least. I also tried to load the content list data into one of our candlepin test cases, and it also caused an exception (though I'm not completely convinced I had the test case set up correctly). Given that there are no practical use cases that candlepin devs are aware of, this is a limitation we are probably going to leave as-is. That being said, if there are use cases that are important to you and/or you can provide more context (use case(s) and sample calls/data used to generate the cert in candlepin would be helpful), then please feel free to reopen this bug.

More context in case we revisit: I got as far as determining that the Huffman code implementation we use in Python does not assign codes when the tree only has two nodes (see https://github.com/candlepin/python-rhsm/blob/c9ea6a870e789018029ac29a90f799ae238f1ea8/src/rhsm/huffman.py#L85), and I suspect this causes issues.
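
An added example, not part of the bug report and not python-rhsm's code: a minimal Huffman code assigner showing how the kind of degenerate tree described in comment 5 can leave a symbol without a usable code, so that a lenient lookup returns None, next to a variant that handles the case. The function names, the string-of-bits representation, the sample word weights and the lone-symbol convention are assumptions made for illustration.

```python
import heapq

def merge_time_codes(weights):
    """Prefix a bit onto every symbol each time two subtrees merge.
    With a single symbol no merge ever happens, so its code stays empty."""
    codes = {sym: "" for sym in weights}
    heap = [(w, i, [sym]) for i, (sym, w) in enumerate(sorted(weights.items()))]
    heapq.heapify(heap)
    tie = len(heap)  # unique tie-breaker so the symbol lists are never compared
    while len(heap) > 1:
        w1, _, left = heapq.heappop(heap)
        w2, _, right = heapq.heappop(heap)
        for sym in left:
            codes[sym] = "0" + codes[sym]
        for sym in right:
            codes[sym] = "1" + codes[sym]
        heapq.heappush(heap, (w1 + w2, tie, left + right))
        tie += 1
    return codes

def assign_codes(weights):
    """Hardened variant: reject an empty alphabet and give a lone symbol the
    one-bit code "0" (assumed convention; encoder and decoder must agree)."""
    if not weights:
        raise ValueError("empty alphabet")
    codes = merge_time_codes(weights)
    if len(codes) == 1:
        codes[next(iter(codes))] = "0"
    return codes

def decode_one(codes, bits, strict=True):
    """Return (symbol, remaining_bits) for the first code that prefixes bits."""
    inverse = {code: sym for sym, code in codes.items()}
    for end in range(1, len(bits) + 1):
        if bits[:end] in inverse:
            return inverse[bits[:end]], bits[end:]
    if strict:
        raise ValueError("no Huffman code matches bitstream %r" % bits)
    return None  # lenient lookup: the caller's next attribute access fails

# Constructed, simplified inputs: words of the paths "/test" and "/content/test".
SHORT = {"test": 1}
DEEP = {"content": 1, "test": 1}

if __name__ == "__main__":
    print(merge_time_codes(SHORT), assign_codes(SHORT), assign_codes(DEEP))
    print(decode_one(merge_time_codes(SHORT), "0", strict=False))
    print(decode_one(assign_codes(SHORT), "0"))
```

Failing in the decoder with an explicit error, rather than passing None onward, makes a malformed or unexpected certificate payload surface at the parsing boundary instead of as an AttributeError deeper in the path-tree code.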

