Alon Bar-Lev has uploaded a new change for review. Change subject: pki: support '/' in subject name component ......................................................................
pki: support '/' in subject name component Change-Id: I62ffc2a9209719bc4f7936e2f0dd93a79230cacc Signed-off-by: Alon Bar-Lev <[email protected]> --- M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java M packaging/setup/plugins/ovirt-engine-rename/core/pki.py M packaging/setup/plugins/ovirt-engine-setup/pki/ca.py 3 files changed, 44 insertions(+), 12 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/64/18464/1 diff --git a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java index 23fda3e..14a9a44 100644 --- a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java +++ b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java @@ -22,6 +22,19 @@ public class OpenSslCAWrapper { + private static String escapeSubjectComponent(String input) { + StringBuilder ret = new StringBuilder(); + + for (char x : input.toCharArray()) { + if (x == '/' || x == '\\') { + ret.append('\\'); + } + ret.append(x); + } + + return ret.toString(); + } + public static String getCACertificate() throws Exception { InputStream in = null; @@ -110,7 +123,7 @@ new String[] { executable.getAbsolutePath(), String.format("--name=%s", hostname), - String.format("--subject=/O=%s/CN=%s", organization, hostname), + String.format("--subject=/O=%s/CN=%s", escapeSubjectComponent(organization), escapeSubjectComponent(hostname)), String.format("--days=%s", days), String.format("--timeout=%s", signatureTimeout / 2) }, diff --git a/packaging/setup/plugins/ovirt-engine-rename/core/pki.py b/packaging/setup/plugins/ovirt-engine-rename/core/pki.py index ee72ff6..7a4b752 100644 --- a/packaging/setup/plugins/ovirt-engine-rename/core/pki.py 
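Review bot: `escapeSubjectComponent` has no comment saying which grammar it escapes for, and it covers only `/` and `\`. I would add a Javadoc along the lines of `/** Backslash-escapes '/' and '\\' so a value can be embedded in one component of a /K=V/K=V --subject argument. */` so later callers know its limits. Whether the enrollment script's subject parser gives meaning to other characters (for example `+` if multi-valued RDNs are enabled) is not visible in this change and should be confirmed. The same character set is hard-coded again as `'/\\'` in the pki.py and ca.py hunks, so the three copies have to be kept in step.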
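Review bot: `hostname` is now escaped for `--subject`, but it is still passed raw in `String.format("--name=%s", hostname)` on the context line just above the changed one. If the script uses `--name` to build a file name (not visible in this diff), a value containing `/` or `..` would end up in a path. Since this change explicitly admits `/` in these components, the name should be validated or mapped to a safe file name before the call. The arguments are passed as an array rather than a shell string, so shell quoting is not the concern here. The enclosing method starts and ends outside the hunk.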
+++ b/packaging/setup/plugins/ovirt-engine-rename/core/pki.py @@ -36,6 +36,7 @@ from ovirt_engine_setup import constants as osetupcons +from ovirt_engine_setup import util as osetuputil from ovirt_engine_setup import dialog @@ -289,9 +290,12 @@ '--password=%s' % ( self.environment[osetupcons.PKIEnv.STORE_PASS], ), - '--subject=%s' % '/' + '/'.join(subject.as_text( - flags=XN_FLAG_SEP_MULTILINE, - ).splitlines()), + '--subject=%s' % '/' + '/'.join( + osetuputil.escape(s, '/\\') + for s in subject.as_text( + flags=XN_FLAG_SEP_MULTILINE, + ).splitlines() + ), ), ) diff --git a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py index 635aa25..83c40f7 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py +++ b/packaging/setup/plugins/ovirt-engine-setup/pki/ca.py @@ -61,6 +61,9 @@ def commit(self): pass + def _subjectComponentEscape(self, s): + return osetuputil.escape(s, '/\\') + def __init__(self, context): super(Plugin, self).__init__(context=context) self._enabled = False @@ -199,11 +202,17 @@ args=( osetupcons.FileLocations.OVIRT_ENGINE_PKI_CA_CREATE, '--subject=/C=%s/O=%s/CN=%s.%s' % ( - self.environment[osetupcons.PKIEnv.COUNTRY], - self.environment[osetupcons.PKIEnv.ORG], - self.environment[ - osetupcons.ConfigEnv.FQDN - ][:MAX_HOST_FQDN_LEN], + self._subjectComponentEscape( + self.environment[osetupcons.PKIEnv.COUNTRY], + ), + self._subjectComponentEscape( + self.environment[osetupcons.PKIEnv.ORG], + ), + self._subjectComponentEscape( + self.environment[ + osetupcons.ConfigEnv.FQDN + ][:MAX_HOST_FQDN_LEN], + ), random.randint(10000, 99999), ), '--keystore-password=%s' % ( 
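Review bot: In the `@@ -289,9 +290,12 @@` hunk, `'--subject=%s' % '/' + '/'.join(...)` only works because `%` binds tighter than `+`: the format is applied to the lone `'/'` and the joined text is appended afterwards. Now that the join argument is a multi-line generator, this is easy to misread. `'--subject=/%s' % '/'.join(osetuputil.escape(s, '/\\') for s in ...)` produces the same string without relying on precedence. A short comment that each line of `as_text(flags=XN_FLAG_SEP_MULTILINE)` is treated as one subject component, and that only `/` and `\` are escaped in it, would also help. The enclosing call starts outside the hunk.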
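Review bot: `_subjectComponentEscape` in the `@@ -61,6 +61,9 @@` hunk calls `osetuputil.escape`, but unlike rename/core/pki.py no import hunk for ca.py appears in this change. Please confirm `from ovirt_engine_setup import util as osetuputil` is already present in that file, otherwise the first CA creation will fail with a NameError. The method does not use `self`, so it could be a `@staticmethod`. A docstring such as `"""Escape '/' and '\\' for use inside one /K=V component of --subject."""` would state its contract.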
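Review bot: The three `self._subjectComponentEscape(...)` calls for COUNTRY, ORG and FQDN in the `@@ -199,11 +202,17 @@` hunk are written out again in the `@@ -226,9 +235,15 @@` hunk. That makes it easy for a later edit to escape in one place and not the other; building the escaped `/C=.../O=...` prefix once would remove the duplication, if both calls live in the same method (not visible here). Slicing with `[:MAX_HOST_FQDN_LEN]` before escaping is the right order, since truncating afterwards could cut an escape pair in half. A one-line comment such as `# truncate before escaping so a '\\' escape pair is never split` would keep it that way. The surrounding `args=(...)` tuple continues outside the hunk.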
@@ -226,9 +235,15 @@ self.environment[osetupcons.PKIEnv.STORE_PASS], ), '--subject=/C=%s/O=%s/CN=%s' % ( - self.environment[osetupcons.PKIEnv.COUNTRY], - self.environment[osetupcons.PKIEnv.ORG], - self.environment[osetupcons.ConfigEnv.FQDN], + self._subjectComponentEscape( + self.environment[osetupcons.PKIEnv.COUNTRY], + ), + self._subjectComponentEscape( + self.environment[osetupcons.PKIEnv.ORG], + ), + self._subjectComponentEscape( + self.environment[osetupcons.ConfigEnv.FQDN], + ), ), ), ) -- To view, visit http://gerrit.ovirt.org/18464 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I62ffc2a9209719bc4f7936e2f0dd93a79230cacc Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
