Halaman utama Jelajahi Bantuan
Daftar Masuk
shixiong
/
okd
1
0
Fork 0
Berkas Masalah 0 Tarik Permintaan 0 Wiki
Jelajahi Sumber

Merge pull request #4573 from tbielawa/cert-hex-serial-parse

Fix parsing certs with very large serial numbers
Scott Dodson 7 tahun lalu
induk
272288b9d7 b45b2ff541
melakukan
d75a3c6c0f
2 mengubah file dengan 23 tambahan dan 3 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 19 2
      roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
  2. 4 1
      roles/openshift_certificate_expiry/test/conftest.py

+ 19 - 2
roles/openshift_certificate_expiry/library/openshift_cert_expiry.py
Tampilan Berkas 

@@ -104,6 +104,7 @@ platforms missing the Python OpenSSL library.
 
         self.extensions = []
 
 
         PARSING_ALT_NAMES = False
 
+        PARSING_HEX_SERIAL = False
 
         for line in self.cert_string.split('\n'):
 
             l = line.strip()
 
             if PARSING_ALT_NAMES:
 
@@ -114,10 +115,26 @@ platforms missing the Python OpenSSL library.
 
                 PARSING_ALT_NAMES = False
 
                 continue
 
 
+            if PARSING_HEX_SERIAL:
 
+                # Hex serials arrive colon-delimited
 
+                serial_raw = l.replace(':', '')
 
+                # Convert to decimal
 
+                self.serial = int('0x' + serial_raw, base=16)
 
+                PARSING_HEX_SERIAL = False
 
+                continue
 
+
 
             # parse out the bits that we can
 
             if l.startswith('Serial Number:'):
 
-                # Serial Number: 11 (0xb)
 
-                # => 11
 
+                # Decimal format:
 
+                #   Serial Number: 11 (0xb)
 
+                #   => 11
 
+                # Hex Format (large serials):
 
+                #   Serial Number:
 
+                #       0a:de:eb:24:04:75:ab:56:39:14:e9:5a:22:e2:85:bf
 
+                #   => 14449739080294792594019643629255165375
 
+                if l.endswith(':'):
 
+                    PARSING_HEX_SERIAL = True
 
+                    continue
 
                 self.serial = int(l.split()[-2])
 
 
             elif l.startswith('Not After :'):

+ 4 - 1
roles/openshift_certificate_expiry/test/conftest.py
Tampilan Berkas 

@@ -23,7 +23,10 @@ VALID_CERTIFICATE_PARAMS = [
 
     {
 
         'short_name': 'combined',
 
         'cn': 'combined.example.com',
 
-        'serial': 6,
 
+        # Verify that HUGE serials parse correctly.
 
+        # Frobs PARSING_HEX_SERIAL in _parse_cert
 
+        # See https://bugzilla.redhat.com/show_bug.cgi?id=1464240
 
+        'serial': 14449739080294792594019643629255165375,
 
         'uses': b'clientAuth, serverAuth',
 
         'dns': ['etcd'],
 
         'ip': ['10.0.0.2', '192.168.0.2']