Bug 2297301 - Incorrectly url encoded 'Authorized Content Url' in SCA certificates
Summary: Incorrectly url encoded 'Authorized Content Url' in SCA certificates
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Candlepin
Classification: Community
Component: candlepin
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: ---
Assignee: Josh Albrecht
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-11 12:20 UTC by Nikos Moumoulidis
Modified: 2024-07-26 10:10 UTC (History)
3 users (show)

Fixed In Version: candlepin-4.4.12-1
Clone Of:
Environment:
Last Closed: 2024-07-26 10:10:06 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github candlepin candlepin pull 4783 0 None Merged [M] CANDLEPIN-888: Fixed several encoding errors during certificate generation 2024-07-23 12:53:50 UTC
Red Hat Issue Tracker CANDLEPIN-888 0 None None None 2024-07-11 12:20:33 UTC

Description Nikos Moumoulidis 2024-07-11 12:20:33 UTC 
Description of problem:
SCA certificates for systems that belong to an environment with a slash in their name, have their 'Authorized Content Url' section incorrectly url-encoded; slashes from the environment name should never be urlencoded.

Version-Release number of selected component (if applicable):
from candlepin-4.4.3-1 onwards

How reproducible:
100%

Steps to Reproduce:
1. Create an environment in candlepin under an org (e.g. 'myorg'), with a name that has a slash in it, such as 'myenv/123' (in Satellite terminology this would just be an Environment with a normal name, plus a Content View under it with a normal name, so 'myenvironment' and 'mycontentview'),.
2. Promote some content in this environment.
3. Register a system to the org and environment.
4. Inspect the SCA certificate on the system: rct cat-cert /etc/pki/entitlements/<cert_serial>.pem

Actual results:
The 'Authorized Content URLs:' section contains:
	/myorg/myenv%2F123'

Expected results:
The 'Authorized Content URLs:' section contains:
	/myorg/myenv/123'

Additional info:

Due to this issue, pulp will reject access to the content from that org+environment+contentview namespace when presenting the affected SCA certificate.
Note You need to log in before you can comment on or make changes to this bug.