Bug 830679 - [Patch] Make rhui-manager allows valid RHUI entitlement certificates w/ extension other than ".pem"
Status: CLOSED ERRATA
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA
2.1
Unspecified Unspecified
high Severity medium
: ---
: 2.1.3
Assigned To: John Matthews
mkovacik
: Triaged
Depends On:
Blocks:
Reported: 2012-06-11 04:17 EDT by Satoru SATOH
Modified: 2013-12-17 15:08 EST

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
This update fixes the assumption that a certificate was invalid if the file name did not use the extension .pem. This resulted in valid certificates being marked as invalid. This has been changed so that an attempt is made with the certificate and it is only marked as invalid after it has failed. This means that a certificate with any extension can be used and the file name no longer needs to end in .pem.
Last Closed: 2013-12-17 15:08:58 EST
Type: Bug

Attachments
Make rhui.common.cert_utils.entitlements_in_cert catching X509.X509Error, etc. (1.02 KB, patch)
2012-06-11 04:17 EDT, Satoru SATOH
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement (1.64 KB, patch)
2012-06-11 04:20 EDT, Satoru SATOH
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement (1.64 KB, patch)
2012-06-11 04:23 EDT, Satoru SATOH
Ensure valid certificates contain entitlements copied w/ '.pem' extension is added and not skipped during certs reload (2.31 KB, patch)
2012-06-11 04:25 EDT, Satoru SATOH
Description Satoru SATOH 2012-06-11 04:17:26 EDT
Created attachment 590843 [details]
Make rhui.common.cert_utils.entitlements_in_cert catching X509.X509Error, etc.

Description of problem:

The current implementation of rhui-manager does not appear to allow RHUI
entitlement certificates w/ extensions other than ".pem", and such
certificates are silently ignored and skipped.

That is, the following will be an error even if the given file is a correct
RHUI entitlement certificate:

# rhui-manager cert upload --cert rhua-entitlement-cert.txt
                                                        ^^^


IMHO, rhui-manager should allow files w/ any extension, and
I made a series of patches to implement this (not tested).


Version-Release number of selected component (if applicable):
rh-rhui-tools-2.0.64-1.el6_2
Comment 1 Satoru SATOH 2012-06-11 04:20:09 EDT
Created attachment 590844 [details]
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement
Comment 2 Satoru SATOH 2012-06-11 04:23:14 EDT
Created attachment 590845 [details]
Surround X509.load_cert_string() w/ try ... except and replace try ... finally w/ with statement
Comment 3 Satoru SATOH 2012-06-11 04:25:43 EDT
Created attachment 590852 [details]
Ensure valid certificates contain entitlements copied w/ '.pem' extension is added and not skipped during certs reload

I tested _normalize_ext() as follows:

$ nosetests --verbose --with-doctest src/rhui/tools/cert_manager.py
Comment 4 wes hayutin 2012-07-30 16:11:22 EDT
moving to version 2.1.1
Comment 5 mkovacik 2013-07-29 11:28:47 EDT
Supposed fix will just prevent silent dropping of the cert file --- the only files accepted will remain those *.pem
Comment 6 John Matthews 2013-09-12 14:52:10 EDT
Please hold off on committing this patch into RHUI.

We are considering moving to the RHSM certificate.py implementation in RHUI 2.1.3.  If we do move to that certificate implementation we can re-evaluate this BZ afterwards and see if work is needed to no longer require a .pem extension.
Comment 8 John Matthews 2013-11-18 10:35:10 EST
RHEL-6.4-RHUI-2.1.3-20131118.1-Server-x86_64-DVD1.iso
Comment 9 Vitaly Kuznetsov 2013-11-19 07:57:40 EST
Verified with rh-rhui-tools-2.1.36-1.el6_5:

1) Valid cert with '.txt' extension upload succeeded
2) Invalid cert with '.pem' extension upload failed
Comment 11 errata-xmlrpc 2013-12-17 15:08:58 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1854.html
