On Fri, 2009-12-18 at 08:32 -0500, John Dennis wrote:
> On 12/18/2009 07:45 AM, Jason Gerard DeRose wrote:
> > On Thu, 2009-12-17 at 11:32 -0500, Rob Crittenden wrote:
> >> Found a few problems with certificate handling with certmonger. Add a
> >> try/except to handle base64-encoded certificates more gracefully. I had
> >> also missed a function import causing things to blow up in some cases.
> >>
> >> rob
> >
> > ack.  pushed to master.
> Hmm... maybe this should have been NAK'ed. The issues were under active 
> discussion. I don't think the patch is doing any harm but I'm not sure 
> it's the right solution. Maybe the patch shouldn't have been applied.

Ah, sorry about that... I got the impression that this was an innocent
stop-gap till we decide upon the details here.

> We have to be careful with our data types.
> The patch effectively was trying to determine if a certificate was 
> encoded in binary DER format as opposed to base64 encoded PEM format by 
> trying to base64 decode the certificate, if it successfully decoded it 
> was assumed to be PEM. That's not the right way to handle this IMHO.
> We either need to:
> * adopt the convention that all certificates are in pem format when 
> exchanged at an interface boundary
> * Have a method to unambiguously identify the certificate encoding, this 
> could be done in one of two ways.
> 1. Always associate an encoding format attribute with the certificate
> 2. We do have the ability to unambiguously distinguish between binary 
> objects and text objects. We could adopt the convention that if the data 
> type of the certificate object is binary it is in DER format and if the 
> data type of the certificate is TEXT then it's in PEM format.
> The distinction between binary and text is based on whether the object 
> is a str class or a unicode class. The downside of this approach is 
> we've haven't been rigorous with enforcing the correct data types, a 
> problem compounded by the fact Python happily converts between str and 
> unicode silently. Provided we're careful with using the right data type 
> then the following would work:
> if type(cert) is unicode:
>      cert_der = base64.b64decode(cert)
> else:
>      cert_der = cert
> -or-
> if type(cert) is str:
>      cert_pem = cert
> else:
>      cert_pem = der_cert_to_pem(cert)
> What we don't want to do is start employing heuristics to guess the 
> encoding, format, or data type of objects, it's not robust defensive 
> coding practice.

Freeipa-devel mailing list

Reply via email to