On 12/18/2009 07:45 AM, Jason Gerard DeRose wrote:
> On Thu, 2009-12-17 at 11:32 -0500, Rob Crittenden wrote:
>> Found a few problems with certificate handling with certmonger. Add a
>> try/except to handle base64-encoded certificates more gracefully. I had
>> also missed a function import causing things to blow up in some cases.
>
> ack.  pushed to master.

Hmm... maybe this should have been NAK'ed. The issues were under active discussion. I don't think the patch is doing any harm but I'm not sure it's the right solution. Maybe the patch shouldn't have been applied.

We have to be careful with our data types.

The patch effectively was trying to determine if a certificate was encoded in binary DER format as opposed to base64 encoded PEM format by trying to base64 decode the certificate; if it successfully decoded, it was assumed to be PEM. That's not the right way to handle this IMHO.

We either need to:

* Adopt the convention that all certificates are in PEM format when exchanged at an interface boundary

* Have a method to unambiguously identify the certificate encoding. This could be done in one of two ways.

1. Always associate an encoding format attribute with the certificate

2. We do have the ability to unambiguously distinguish between binary objects and text objects. We could adopt the convention that if the data type of the certificate object is binary it is in DER format and if the data type of the certificate is TEXT then it's in PEM format.

The distinction between binary and text is based on whether the object is a str class or a unicode class. The downside of this approach is we haven't been rigorous with enforcing the correct data types, a problem compounded by the fact Python happily converts between str and unicode silently. Provided we're careful with using the right data type then the following would work:

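import base64

# Python 2: unicode (text) holds PEM, str (binary) holds DER.
# To obtain DER:
if type(cert) is unicode:
    cert_der = base64.b64decode(cert)
else:
    cert_der = cert

# To obtain PEM (der_cert_to_pem is a helper assumed to be defined elsewhere):
if type(cert) is str:
    cert_pem = der_cert_to_pem(cert)
else:
    cert_pem = cert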

What we don't want to do is start employing heuristics to guess the encoding, format, or data type of objects; it's not robust defensive coding practice.

John Dennis <jden...@redhat.com>
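
The decode-and-see heuristic and the type-based convention side by side, as an added example that is not part of the original message or of FreeIPA's code. It is written for Python 3, where bytes and str stand in for the Python 2 str and unicode types the message refers to; the function names and the sample blob are constructed for illustration.

```python
import base64
import binascii

# Constructed sample, not a real certificate: a DER SEQUENCE header
# (0x30 0x82 0x00 0x03) followed by three content bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x03]) + b"abc"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode("ascii")
              + "\n-----END CERTIFICATE-----\n")


def guess_is_base64(data):
    """The heuristic under discussion: 'it base64-decodes, so it is PEM'."""
    try:
        base64.b64decode(data)  # default mode silently skips non-alphabet bytes
        return True
    except (binascii.Error, ValueError):
        return False


def to_der(cert):
    """Type decides the encoding: bytes is DER, str is PEM. No guessing."""
    if isinstance(cert, bytes):
        return cert
    if isinstance(cert, str):
        body = "".join(line.strip() for line in cert.splitlines()
                       if not line.startswith("-----"))
        return base64.b64decode(body, validate=True)  # strict alphabet check
    raise TypeError("certificate must be bytes (DER) or str (PEM)")


def to_pem(cert):
    """Return PEM text for either input type, using the same rule."""
    if isinstance(cert, str):
        return cert
    if isinstance(cert, bytes):
        b64 = base64.b64encode(cert).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                          "-----END CERTIFICATE-----"]) + "\n"
    raise TypeError("certificate must be bytes (DER) or str (PEM)")


if __name__ == "__main__":
    print("heuristic calls raw DER base64:", guess_is_base64(SAMPLE_DER))
    print("round trip ok:", to_der(to_pem(SAMPLE_DER)) == SAMPLE_DER)
```

The raw DER sample passes the heuristic because the permissive decoder drops the bytes outside the base64 alphabet and decodes what is left, so the "successful" result is unrelated data.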

Freeipa-devel mailing list