Bug 1309828 - python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test")
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: python-rhsm
Severity: low
Assigned To: Kevin Howell
John Sefler
Reported: 2016-02-18 14:06 EST by stas-fomin@yandex.ru
Modified: 2016-09-22 11:21 EDT
Doc Type: Bug Fix
Last Closed: 2016-09-22 11:21:42 EDT
Type: Bug
Description stas-fomin@yandex.ru 2016-02-18 14:06:22 EST
Description of problem:

python-rhsm (1.17.1) can not parse/check path for certificates with short content path (like "/test"). That is:
"/test" — not OK
"/content/test" — OK

Version-Release number of selected component (if applicable):
python-rhsm (1.17.1)

How reproducible:

See example to reproduce: 

Run certparse.py:

Steps to Reproduce:

  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 558, in check_path
    return self._path_tree.match_path(path)
  File "/usr/lib64/python2.7/site-packages/rhsm/certificate2.py", line 526, in _path_tree
    self._path_tree_object = PathTree(data)
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 63, in __init__
    path_dict, path_leaves, word_dict, bitstream)
  File "/usr/lib64/python2.7/site-packages/rhsm/pathtree.py", line 252, in _generate_path_tree
    value.setdefault(word, []).append(path_node.value)
AttributeError: 'NoneType' object has no attribute 'value'

Actual results:

AttributeError: 'NoneType' object has no attribute 'value'    

Expected results:

cert.check_path() does not raise an exception and creates internal path structures.
Comment 2 Barnaby Court 2016-02-18 15:33:43 EST
As a workaround, always use paths that are more than 1 level deep.
Comment 3 J.C. Molet 2016-08-30 11:06:25 EDT
Hello! I'm a tester trying to determine the extent of this bug. I was wondering how you created that certificate in the first place? None of the end-user tools (Satellite mainly) allow me to create custom content with a path depth of 1; it's always 3 or more deep when creating custom content. Your reproducer is super helpful; however, any pointers on how you got that certificate would help cover our edge cases.
Comment 4 stas-fomin@yandex.ru 2016-08-30 12:26:05 EDT
I generated the client certificates with Candlepin.
(A sample of such a cert is at https://github.com/belonesox/certificates-wtf/blob/master/certparse.py )
Comment 5 Kevin Howell 2016-09-22 11:21:42 EDT
I spent some time looking into this, and verified that this does appear to be an edge case in the parser for certv3 in Python at least. I also tried to load the content list data into one of our candlepin test cases, and it also caused an exception (though I'm not completely convinced I had the test case set up correctly). Given that there are no practical use cases that candlepin devs are aware of, this is a limitation we are probably going to leave as-is. That being said, if there are use cases that are important to you and/or you can provide more context (use case(s) and sample calls/data used to generate the cert in candlepin would be helpful), then please feel free to reopen this bug.

More context in case we revisit: I got as far as determining that the Huffman code implementation we use in Python does not assign codes when the tree only has two nodes (see https://github.com/candlepin/python-rhsm/blob/c9ea6a870e789018029ac29a90f799ae238f1ea8/src/rhsm/huffman.py#L85), and I suspect this causes issues.
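
The small-alphabet edge case that Comment 5 suspects, as an added illustration in Python. This is not python-rhsm or Candlepin code: `build_codes`, `validate` and `roundtrip` are hypothetical names, and treating a one-segment path such as "/test" as a one-symbol alphabet is an assumption about the certificate format.

```python
import heapq
from itertools import count


def build_codes(weights, handle_degenerate=True):
    """Return {symbol: bit string}; symbols are strings, weights positive."""
    tie = count()  # tie-breaker so heapq never compares tree payloads
    heap = [(w, next(tie), sym) for sym, w in sorted(weights.items())]
    heapq.heapify(heap)
    while len(heap) > 1:
        w1, _, left = heapq.heappop(heap)
        w2, _, right = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, next(tie), (left, right)))
    codes = {}

    def walk(node, prefix):
        if isinstance(node, tuple):  # internal node: (left, right)
            walk(node[0], prefix + "0")
            walk(node[1], prefix + "1")
        elif prefix:
            codes[node] = prefix
        elif handle_degenerate:  # lone leaf sitting at the root
            codes[node] = "0"  # the only symbol still needs one bit

    if heap:
        walk(heap[0][2], "")
    return codes


def validate(weights, codes):
    """Fail fast rather than let a missing code surface later as None."""
    missing = sorted(s for s in weights if not codes.get(s))
    if missing:
        raise ValueError("no Huffman code assigned for %r" % missing)
    return codes


def roundtrip(symbols, codes):
    """Encode symbols to bits, then decode them back with the same table."""
    bits = "".join(codes[s] for s in symbols)
    lookup = {code: sym for sym, code in codes.items()}
    out, cur = [], ""
    for bit in bits:
        cur += bit
        if cur in lookup:
            out.append(lookup[cur])
            cur = ""
    return out
```

With `handle_degenerate=False` a one-word table such as `{"test": 1}` comes back empty, and `validate` turns that into an explicit error when the table is built.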
