Barbican

certificates incorrectly encoded for dogtag plugin

Bug #1453636 reported by Ade Lee
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Barbican
Fix Released
High
Ade Lee
Barbican 1.0.0 "liberty"
Kilo
Fix Committed
Critical
Douglas Mendizábal

Bug Description

Barbican-core expects secrets to be base64 encoded. That includes certificates that are returned from the Dogtag CA, to be stored in secrets that are aggregated into a certificate container.

Right now, these certificates (which are in PEM form) are not base 64 encoded, which means that they cannot be retrieved because they cannot be correct base64 unencoded when the secret is retrieved.

Revision history for this message
Ade Lee (alee-3) wrote :

The solution is simply to base 64 encode the cert when it is returned from the CA. Patch to be posted.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (master)

Reviewed: https://review.openstack.org/181786
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=a42e35885ee21b78ca36aaee6f2e15002f6053cc
Submitter: Jenkins
Branch: master

commit a42e35885ee21b78ca36aaee6f2e15002f6053cc
Author: Ade Lee <email address hidden>
Date: Sun May 10 22:22:29 2015 -0400

    Base64 encode the cert returned from the Dogtag plugin

    Also, add the missing headers for the intermediates, and make the
    algorithm match case insensitive to make the supports() method more
    robust.

    Change-Id: I728846494e8f60ca37640d9753081deefd6cb8e4
    Closes-Bug: 1453636

Changed in barbican:
status: New → Fix Committed
Douglas Mendizábal (dougmendizabal)
Changed in barbican:
importance: Undecided → High
assignee: nobody → Ade Lee (alee-3)
milestone: none → liberty-1
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to barbican (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/187721

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to barbican (stable/kilo)

Reviewed: https://review.openstack.org/187721
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=2434a52f041cf6aa554d94c3013cbe0636c7b12c
Submitter: Jenkins
Branch: stable/kilo

commit 2434a52f041cf6aa554d94c3013cbe0636c7b12c
Author: Ade Lee <email address hidden>
Date: Sun May 10 22:22:29 2015 -0400

    Base64 encode the cert returned from the Dogtag plugin

    Also, add the missing headers for the intermediates, and make the
    algorithm match case insensitive to make the supports() method more
    robust.

    Change-Id: I728846494e8f60ca37640d9753081deefd6cb8e4
    Closes-Bug: 1453636
    (cherry picked from commit a42e35885ee21b78ca36aaee6f2e15002f6053cc)

Doug Hellmann (doug-hellmann)
Changed in barbican:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in barbican:
milestone: liberty-1 → 1.0.0
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.