Blame SOURCES/0100-ureport-allow-multiple-cert-file-in-rhsm-entitlement.patch

4b6aa8
From 52928f385d8a0885ba7cc6a110d4ff6dc4ab91e6 Mon Sep 17 00:00:00 2001
4b6aa8
From: Jakub Filak <jfilak@redhat.com>
4b6aa8
Date: Wed, 22 Oct 2014 08:00:39 +0200
4b6aa8
Subject: [LIBREPORT PATCH 100/105] ureport: allow multiple cert file in
4b6aa8
 rhsm-entitlement dir
4b6aa8
4b6aa8
Thanks Martin Milata <mmilata@redhat.com>
4b6aa8
4b6aa8
https://bugzilla.redhat.com/show_bug.cgi?id=1140224#c6
4b6aa8
4b6aa8
Related to #1140224
4b6aa8
4b6aa8
Signed-off-by: Jakub Filak <jfilak@redhat.com>
4b6aa8
---
4b6aa8
 src/lib/ureport.c | 54 +++++++++++++++++++++++-------------------------------
4b6aa8
 1 file changed, 23 insertions(+), 31 deletions(-)
4b6aa8
4b6aa8
diff --git a/src/lib/ureport.c b/src/lib/ureport.c
4b6aa8
index 0e0472e..99e84ef 100644
4b6aa8
--- a/src/lib/ureport.c
4b6aa8
+++ b/src/lib/ureport.c
4b6aa8
@@ -103,52 +103,44 @@ ureport_server_config_set_client_auth(struct ureport_server_config *config,
4b6aa8
             ureport_server_config_set_url(config, xstrdup(RHSM_WEB_SERVICE_URL));
4b6aa8
 
4b6aa8
         GList *certs = get_file_list(RHSMENT_PEM_DIR_PATH, "pem");
4b6aa8
-        if (g_list_length(certs) != 2)
4b6aa8
+        if (g_list_length(certs) < 2)
4b6aa8
         {
4b6aa8
+            g_list_free_full(certs, (GDestroyNotify)free_file_obj);
4b6aa8
+
4b6aa8
             log_notice(RHSMENT_PEM_DIR_PATH" does not contain unique cert-key files pair");
4b6aa8
             log_notice("Not using client authentication");
4b6aa8
             return;
4b6aa8
         }
4b6aa8
 
4b6aa8
-        const char *cert = NULL;
4b6aa8
-        const char *key = NULL;
4b6aa8
-
4b6aa8
-        file_obj_t *fst = (file_obj_t *)certs->data;
4b6aa8
-        file_obj_t *scn = (file_obj_t *)certs->next->data;
4b6aa8
-
4b6aa8
-        if (strlen(fo_get_filename(fst)) < strlen(fo_get_filename(scn)))
4b6aa8
+        /* Use the last non-key file found. */
4b6aa8
+        file_obj_t *cert = NULL;
4b6aa8
+        for (GList *iter = certs; iter != NULL; iter = g_list_next(iter))
4b6aa8
         {
4b6aa8
-            cert = fo_get_filename(fst);
4b6aa8
-            key = fo_get_filename(scn);
4b6aa8
+            file_obj_t *tmp = (file_obj_t *)iter->data;
4b6aa8
+            const char *file_name = fo_get_filename(tmp);
4b6aa8
 
4b6aa8
-            config->ur_client_cert = xstrdup(fo_get_fullpath(fst));
4b6aa8
-            config->ur_client_key = xstrdup(fo_get_fullpath(scn));
4b6aa8
+            if (suffixcmp(file_name, "-key"))
4b6aa8
+                cert = tmp;
4b6aa8
         }
4b6aa8
-        else
4b6aa8
+
4b6aa8
+        if (cert == NULL)
4b6aa8
         {
4b6aa8
-            cert = fo_get_filename(scn);
4b6aa8
-            key = fo_get_filename(fst);
4b6aa8
+            g_list_free_full(certs, (GDestroyNotify)free_file_obj);
4b6aa8
 
4b6aa8
-            config->ur_client_cert = xstrdup(fo_get_fullpath(scn));
4b6aa8
-            config->ur_client_key = xstrdup(fo_get_fullpath(fst));
4b6aa8
+            log_notice(RHSMENT_PEM_DIR_PATH" contains only key files");
4b6aa8
+            log_notice("Not using client authentication");
4b6aa8
+            return;
4b6aa8
         }
4b6aa8
 
4b6aa8
-        const bool iscomplement = prefixcmp(key, cert) != 0 || strcmp("-key", key + strlen(cert)) != 0;
4b6aa8
-        g_list_free_full(certs, (GDestroyNotify)free_file_obj);
4b6aa8
+        config->ur_client_cert = xstrdup(fo_get_fullpath(cert));
4b6aa8
+        /* Yes, the key file may not exists. I over took this code from
4b6aa8
+         * sos-uploader and they are pretty happy with this approach, so why
4b6aa8
+         * shouldn't we?. */
4b6aa8
+        config->ur_client_key = xasprintf("%s/%s-key.pem", RHSMENT_PEM_DIR_PATH, fo_get_filename(cert));
4b6aa8
 
4b6aa8
-        if (iscomplement)
4b6aa8
-        {
4b6aa8
-            log_notice("Key file '%s' isn't complement to cert file '%s'",
4b6aa8
-                    config->ur_client_key, config->ur_client_cert);
4b6aa8
-            log_notice("Not using client authentication");
4b6aa8
-
4b6aa8
-            free(config->ur_client_cert);
4b6aa8
-            free(config->ur_client_key);
4b6aa8
-            config->ur_client_cert = NULL;
4b6aa8
-            config->ur_client_key = NULL;
4b6aa8
+        log_debug("Using cert files: '%s' : '%s'", config->ur_client_cert, config->ur_client_key);
4b6aa8
 
4b6aa8
-            return;
4b6aa8
-        }
4b6aa8
+        g_list_free_full(certs, (GDestroyNotify)free_file_obj);
4b6aa8
 
4b6aa8
         char *certdata = xmalloc_open_read_close(config->ur_client_cert, /*no size limit*/NULL);
4b6aa8
         if (certdata != NULL)
4b6aa8
-- 
4b6aa8
1.8.3.1
4b6aa8