From 5d12514863a9676c2a67bf78d487d4e867caba73 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Aug 15 2017 22:22:51 +0000 Subject: Reformat certificates returned by Dogtag The formatting of PEM certificates returned by Dogtag may not match our ideal, so strip off the PEM header and footer and reformat them ourselves before outputting them. Should fix #76. Signed-off-by: Nalin Dahyabhai --- diff --git a/src/submit-d.c b/src/submit-d.c index f7683c6..5a4edb3 100644 --- a/src/submit-d.c +++ b/src/submit-d.c @@ -568,6 +568,8 @@ cm_submit_d_fetch_result(void *parent, const char *xml, char **error, char **status, char **requestId, char **cert) { + char *stripped, *reformatted; + *error = cm_submit_d_xml_value(parent, xml, "/xml/fixed/unexpectedError"); *status = cm_submit_d_xml_value(parent, xml, @@ -576,6 +578,20 @@ cm_submit_d_fetch_result(void *parent, const char *xml, "/xml/header/requestId"); *cert = cm_submit_d_xml_value(parent, xml, "/xml/records/record/base64Cert"); + if (*cert != NULL) { + /* The formatting of the certificate includes an extra blank line after the + * last line of base64 data, before the END line, which can trip up some + * parsers. Clean it up here. */ + stripped = cm_submit_u_base64_from_text(*cert); + if (stripped != NULL) { + reformatted = cm_submit_u_pem_from_base64("CERTIFICATE", 0, stripped); + if (reformatted != NULL) { + *cert = talloc_strdup(parent, reformatted); + free(reformatted); + } + free(stripped); + } + } return 0; } diff --git a/tests/019-dparse/expected.out b/tests/019-dparse/expected.out index 0088ef0..5b03c05 100644 --- a/tests/019-dparse/expected.out +++ b/tests/019-dparse/expected.out @@ -66,6 +66,28 @@ LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= -----END CERTIFICATE----- +[fetch-as-agent(good.displayCertFromRequest-extra-line) = ISSUED] +requestId="11",cert="-----BEGIN CERTIFICATE-----" +-----BEGIN CERTIFICATE----- +MIIDEDCCAfigAwIBAgIBCzANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1Mu +UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEy +MDYyNTIxMDcxMloXDTE2MDYyNTIxMDcxMlowNzEXMBUGA1UEChMOQk9TLlJFREhB +VC5DT00xHDAaBgNVBAMTE09iamVjdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCmZoqUb8hHS6E/MmrlimQlhLHlPdxlJZn3de0K +8vHWCuyBqM9tmISsoSYHOdCm/c6vrVwwSMkn5HMjjWsJGKNdZouBmlA1WuiMDjWF +r7WexGUd34lUlliG6VQdIdkQMn9rjG+W8wTEOPCxlUBUwUBzIyZ3XDe0eCIN7NBL +wh7efZZjRgln8mH7aEGaUug2tOqj2niudXZZLLMthU/f74pdBTD+EXiAkEjN8j12 +ba2Zv5mDyDqan5WDMf9a9EbDwMnFKU7/SEDCvra2jrQNPKu/dRsBvGdzqgEJDuNa +Wrn/kSz2worbW2c7V9jLgsYSjTLeYIAulCifIzBG9bisAT8DAgMBAAGjJTAjMA4G +A1UdDwEB/wQEAwIChDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQAD +ggEBAJzERxUVdka5UF98Ks9Lj4Y69yoiIFRYswLsCYZoP8rwZlW4aprtE/caz3nb +mFKSG1oS84DZ/d3wnvSBhdbfBLh59YH9eJnRZPS8Q+jIRkg9VSnleQTJg+kIngUZ +eWBSUUSfAI6BrgdaFB4us7i0yWJTorRh/Te69M3UKNVfx8LJsPt/nG2nQW/X0ydJ +LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW +4zj1FewSYaEaTHyBrcwwArEyBbdkC5cdwfJUVvNFWXrfYiCy6yBmTCQbrucmqC0M +FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= +-----END CERTIFICATE----- + [profiles-as-agent(good.profileList) = ISSUED] error_code="0",error_reason="" caUserCert @@ -204,6 +226,28 @@ LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= -----END CERTIFICATE----- +[fetch-as-end-entity(good.displayCertFromRequest-extra-line) = ISSUED] +requestId="11",cert="-----BEGIN CERTIFICATE-----" +-----BEGIN CERTIFICATE----- +MIIDEDCCAfigAwIBAgIBCzANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1Mu +UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEy +MDYyNTIxMDcxMloXDTE2MDYyNTIxMDcxMlowNzEXMBUGA1UEChMOQk9TLlJFREhB +VC5DT00xHDAaBgNVBAMTE09iamVjdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCmZoqUb8hHS6E/MmrlimQlhLHlPdxlJZn3de0K +8vHWCuyBqM9tmISsoSYHOdCm/c6vrVwwSMkn5HMjjWsJGKNdZouBmlA1WuiMDjWF +r7WexGUd34lUlliG6VQdIdkQMn9rjG+W8wTEOPCxlUBUwUBzIyZ3XDe0eCIN7NBL +wh7efZZjRgln8mH7aEGaUug2tOqj2niudXZZLLMthU/f74pdBTD+EXiAkEjN8j12 +ba2Zv5mDyDqan5WDMf9a9EbDwMnFKU7/SEDCvra2jrQNPKu/dRsBvGdzqgEJDuNa +Wrn/kSz2worbW2c7V9jLgsYSjTLeYIAulCifIzBG9bisAT8DAgMBAAGjJTAjMA4G +A1UdDwEB/wQEAwIChDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQAD +ggEBAJzERxUVdka5UF98Ks9Lj4Y69yoiIFRYswLsCYZoP8rwZlW4aprtE/caz3nb +mFKSG1oS84DZ/d3wnvSBhdbfBLh59YH9eJnRZPS8Q+jIRkg9VSnleQTJg+kIngUZ +eWBSUUSfAI6BrgdaFB4us7i0yWJTorRh/Te69M3UKNVfx8LJsPt/nG2nQW/X0ydJ +LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW +4zj1FewSYaEaTHyBrcwwArEyBbdkC5cdwfJUVvNFWXrfYiCy6yBmTCQbrucmqC0M +FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= +-----END CERTIFICATE----- + [profiles-as-end-entity(good.profileList) = ISSUED] error_code="0",error_reason="" caUserCert @@ -276,4 +320,4 @@ Server at "FETCH" replied: Request ID 19 was not found in the request queue. [fetch-as-end-entity(bad.displayCertFromRequest.rejected) = REJECTED] error="Request ID 17 was not completed.",status="7" Server at "FETCH" replied: Request ID 17 was not completed. -48 samples. +50 samples. diff --git a/tests/019-dparse/good.displayCertFromRequest-extra-line b/tests/019-dparse/good.displayCertFromRequest-extra-line new file mode 100644 index 0000000..ef5a8e6 --- /dev/null +++ b/tests/019-dparse/good.displayCertFromRequest-extra-line @@ -0,0 +1,145 @@ +
true11
http9180rapier.bos.redhat.comrapier.bos.redhat.com11Certificate Manager9180MD2: + 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 +MD5: + 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 +SHA1: + D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: + 2F:2B:64:89 +SHA256: + B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: + E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F +SHA512: + 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: + 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: + AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: + 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExADAPBgkqhkiG9w0BBwGgAgQAoIIG +rzCCAxAwggH4oAMCAQICAQswDQYJKoZIhvcNAQELBQAwOTEXMBUGA1UEChMOQk9T +LlJFREhBVC5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0x +MjA2MjUyMTA3MTJaFw0xNjA2MjUyMTA3MTJaMDcxFzAVBgNVBAoTDkJPUy5SRURI +QVQuQ09NMRwwGgYDVQQDExNPYmplY3QgU2lnbmluZyBDZXJ0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmaKlG/IR0uhPzJq5YpkJYSx5T3cZSWZ93Xt +CvLx1grsgajPbZiErKEmBznQpv3Or61cMEjJJ+RzI41rCRijXWaLgZpQNVrojA41 +ha+1nsRlHd+JVJZYhulUHSHZEDJ/a4xvlvMExDjwsZVAVMFAcyMmd1w3tHgiDezQ +S8Ie3n2WY0YJZ/Jh+2hBmlLoNrTqo9p4rnV2WSyzLYVP3++KXQUw/hF4gJBIzfI9 +dm2tmb+Zg8g6mp+VgzH/WvRGw8DJxSlO/0hAwr62to60DTyrv3UbAbxnc6oBCQ7j +Wlq5/5Es9sKK21tnO1fYy4LGEo0y3mCALpQonyMwRvW4rAE/AwIDAQABoyUwIzAO +BgNVHQ8BAf8EBAMCAoQwEQYJYIZIAYb4QgEBBAQDAgQQMA0GCSqGSIb3DQEBCwUA +A4IBAQCcxEcVFXZGuVBffCrPS4+GOvcqIiBUWLMC7AmGaD/K8GZVuGqa7RP3Gs95 +25hSkhtaEvOA2f3d8J70gYXW3wS4efWB/XiZ0WT0vEPoyEZIPVUp5XkEyYPpCJ4F +GXlgUlFEnwCOga4HWhQeLrO4tMliU6K0Yf03uvTN1CjVX8fCybD7f5xtp0Fv19Mn +SSwk+5uTed+aQ3+LRC3F0UAFL/8U6exeTvOKafAXs9eIlU7Sms6rHquSuxCgrEV3 +1uM49RXsEmGhGkx8ga3MMAKxMgW3ZAuXHcHyVFbzRVl632IgsusgZkwkG67nJqgt +DBcX0eKh88KQ/UO6708xT9vyfwq/MIIDlzCCAn+gAwIBAgIBATANBgkqhkiG9w0B +AQsFADA5MRcwFQYDVQQKEw5CT1MuUkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MB4XDTEyMDYyNTIxMDQxNFoXDTIwMDYyNTIxMDQxNFow +OTEXMBUGA1UEChMOQk9TLlJFREhBVC5DT00xHjAcBgNVBAMTFUNlcnRpZmljYXRl +IEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKQDgery +1wgDVSs2yLo1vM0QCPOFi12T5ree2J/ian0dfHbSS9T2GC2TQwjgJLFUnQGkKZ9P +TnASJSbPrILl19W/k+QwW3fPqvt+ryvXtK2Ezd3nFVUt6oKxj2bqxC0vS04k0Bab +qBfAiRILI4VKUgPWu3YI3k8Nret4+dUmA8EkfBe/FiCdAXdlxWRfkXiiKX6JRfVx +0xweVfw0IDJopNFqAeznvre6fHpzROqw3JKXgagBGYLRgLlontbHnY8teJjlrbBe +HQDKn3iOpjkWwHihYkODVSNr3lK8NnfeRjX2+qMOKzX6nkEpz1wigS+/BTtkrRDa +AB+oRKKR5D9Zy2sCAwEAAaOBqTCBpjAfBgNVHSMEGDAWgBT5QugkOI4hLnyQxmRS +gyB6JXCJmDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4E +FgQU+ULoJDiOIS58kMZkUoMgeiVwiZgwQwYIKwYBBQUHAQEENzA1MDMGCCsGAQUF +BzABhidodHRwOi8vcmFwaWVyLmJvcy5yZWRoYXQuY29tOjgwL2NhL29jc3AwDQYJ +KoZIhvcNAQELBQADggEBAC/7xtbqCLTNX/ctz3NW+TDRQcSBftVWMDK8G+4TAjKa +vsZdVnEKJAxo9UAcQL7A8/NFhxDwFGc3gF4agkGuZAMyZzUwynpY26yLyM4mBviv +KhJBvbNOykB5BdAags04/Zlb1Bgg9PZqc5ErjcICKTmBAmVxQ0Nzlv49Ts9kNTa+ +RZfNvne05dxNdJdPOWX7SHlh0GA/E6d/9+mlNn8x0uHMhbGlLC4EifeiijOyOLwH +6gwPXRPij+95RLxpRA6lXKVEUc5Iu2iZOn25b3xrYL7hFilzLA05vM/Z67UkJbBn +a01OM5RZIURKD5IGIuD6BTD/u0qzNq4EEF2HedELdVUxAA==bCertificate: + Data: + Version: v3 + Serial Number: 0xB + Signature Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 + Issuer: CN=Certificate Authority,O=BOS.REDHAT.COM + Validity: + Not Before: Monday, June 25, 2012 5:07:12 PM EDT America/New_York + Not After: Saturday, June 25, 2016 5:07:12 PM EDT America/New_York + Subject: CN=Object Signing Cert,O=BOS.REDHAT.COM + Subject Public Key Info: + Algorithm: RSA - 1.2.840.113549.1.1.1 + Public Key: + Exponent: 65537 + Public Key Modulus: (2048 bits) : + A6:66:8A:94:6F:C8:47:4B:A1:3F:32:6A:E5:8A:64:25: + 84:B1:E5:3D:DC:65:25:99:F7:75:ED:0A:F2:F1:D6:0A: + EC:81:A8:CF:6D:98:84:AC:A1:26:07:39:D0:A6:FD:CE: + AF:AD:5C:30:48:C9:27:E4:73:23:8D:6B:09:18:A3:5D: + 66:8B:81:9A:50:35:5A:E8:8C:0E:35:85:AF:B5:9E:C4: + 65:1D:DF:89:54:96:58:86:E9:54:1D:21:D9:10:32:7F: + 6B:8C:6F:96:F3:04:C4:38:F0:B1:95:40:54:C1:40:73: + 23:26:77:5C:37:B4:78:22:0D:EC:D0:4B:C2:1E:DE:7D: + 96:63:46:09:67:F2:61:FB:68:41:9A:52:E8:36:B4:EA: + A3:DA:78:AE:75:76:59:2C:B3:2D:85:4F:DF:EF:8A:5D: + 05:30:FE:11:78:80:90:48:CD:F2:3D:76:6D:AD:99:BF: + 99:83:C8:3A:9A:9F:95:83:31:FF:5A:F4:46:C3:C0:C9: + C5:29:4E:FF:48:40:C2:BE:B6:B6:8E:B4:0D:3C:AB:BF: + 75:1B:01:BC:67:73:AA:01:09:0E:E3:5A:5A:B9:FF:91: + 2C:F6:C2:8A:DB:5B:67:3B:57:D8:CB:82:C6:12:8D:32: + DE:60:80:2E:94:28:9F:23:30:46:F5:B8:AC:01:3F:03 + Extensions: + Identifier: Key Usage: - 2.5.29.15 + Critical: yes + Key Usage: + Digital Signature + Key CertSign + Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1 + Critical: no + Certificate Usage: + Object Signing + Signature: + Algorithm: SHA256withRSA - 1.2.840.113549.1.1.11 + Signature: + 9C:C4:47:15:15:76:46:B9:50:5F:7C:2A:CF:4B:8F:86: + 3A:F7:2A:22:20:54:58:B3:02:EC:09:86:68:3F:CA:F0: + 66:55:B8:6A:9A:ED:13:F7:1A:CF:79:DB:98:52:92:1B: + 5A:12:F3:80:D9:FD:DD:F0:9E:F4:81:85:D6:DF:04:B8: + 79:F5:81:FD:78:99:D1:64:F4:BC:43:E8:C8:46:48:3D: + 55:29:E5:79:04:C9:83:E9:08:9E:05:19:79:60:52:51: + 44:9F:00:8E:81:AE:07:5A:14:1E:2E:B3:B8:B4:C9:62: + 53:A2:B4:61:FD:37:BA:F4:CD:D4:28:D5:5F:C7:C2:C9: + B0:FB:7F:9C:6D:A7:41:6F:D7:D3:27:49:2C:24:FB:9B: + 93:79:DF:9A:43:7F:8B:44:2D:C5:D1:40:05:2F:FF:14: + E9:EC:5E:4E:F3:8A:69:F0:17:B3:D7:88:95:4E:D2:9A: + CE:AB:1E:AB:92:BB:10:A0:AC:45:77:D6:E3:38:F5:15: + EC:12:61:A1:1A:4C:7C:81:AD:CC:30:02:B1:32:05:B7: + 64:0B:97:1D:C1:F2:54:56:F3:45:59:7A:DF:62:20:B2: + EB:20:66:4C:24:1B:AE:E7:26:A8:2D:0C:17:17:D1:E2: + A1:F3:C2:90:FD:43:BA:EF:4F:31:4F:DB:F2:7F:0A:BF + FingerPrint + MD2: + 2B:E7:39:53:38:28:68:11:65:8A:E3:7B:36:4E:A9:44 + MD5: + 68:3F:AF:2C:38:37:E8:3E:5A:B5:4E:AE:40:54:2F:12 + SHA1: + D2:E1:1C:C4:CD:53:03:2C:62:CC:4F:68:60:52:A3:DC: + 2F:2B:64:89 + SHA256: + B8:DA:7A:D4:79:75:63:2B:59:D4:C5:B9:61:3C:59:60: + E6:A3:7C:38:EE:55:48:45:CB:B8:91:D0:CB:C7:E6:5F + SHA512: + 8F:E1:12:D0:A5:D7:C0:B0:77:D6:56:22:B7:4C:96:D3: + 8F:F0:8E:0B:25:8D:48:E5:8F:15:44:44:B0:51:B4:96: + AE:DC:01:B1:EF:34:E5:48:20:CB:31:6B:00:20:3B:F4: + 30:1D:86:74:B1:CA:4F:4F:DD:6C:20:2B:75:DB:89:51-----BEGIN CERTIFICATE----- +MIIDEDCCAfigAwIBAgIBCzANBgkqhkiG9w0BAQsFADA5MRcwFQYDVQQKEw5CT1Mu +UkVESEFULkNPTTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEy +MDYyNTIxMDcxMloXDTE2MDYyNTIxMDcxMlowNzEXMBUGA1UEChMOQk9TLlJFREhB +VC5DT00xHDAaBgNVBAMTE09iamVjdCBTaWduaW5nIENlcnQwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCmZoqUb8hHS6E/MmrlimQlhLHlPdxlJZn3de0K +8vHWCuyBqM9tmISsoSYHOdCm/c6vrVwwSMkn5HMjjWsJGKNdZouBmlA1WuiMDjWF +r7WexGUd34lUlliG6VQdIdkQMn9rjG+W8wTEOPCxlUBUwUBzIyZ3XDe0eCIN7NBL +wh7efZZjRgln8mH7aEGaUug2tOqj2niudXZZLLMthU/f74pdBTD+EXiAkEjN8j12 +ba2Zv5mDyDqan5WDMf9a9EbDwMnFKU7/SEDCvra2jrQNPKu/dRsBvGdzqgEJDuNa +Wrn/kSz2worbW2c7V9jLgsYSjTLeYIAulCifIzBG9bisAT8DAgMBAAGjJTAjMA4G +A1UdDwEB/wQEAwIChDARBglghkgBhvhCAQEEBAMCBBAwDQYJKoZIhvcNAQELBQAD +ggEBAJzERxUVdka5UF98Ks9Lj4Y69yoiIFRYswLsCYZoP8rwZlW4aprtE/caz3nb +mFKSG1oS84DZ/d3wnvSBhdbfBLh59YH9eJnRZPS8Q+jIRkg9VSnleQTJg+kIngUZ +eWBSUUSfAI6BrgdaFB4us7i0yWJTorRh/Te69M3UKNVfx8LJsPt/nG2nQW/X0ydJ +LCT7m5N535pDf4tELcXRQAUv/xTp7F5O84pp8Bez14iVTtKazqseq5K7EKCsRXfW +4zj1FewSYaEaTHyBrcwwArEyBbdkC5cdwfJUVvNFWXrfYiCy6yBmTCQbrucmqC0M +FxfR4qHzwpD9Q7rvTzFP2/J/Cr8= + +-----END CERTIFICATE-----