From 52928f385d8a0885ba7cc6a110d4ff6dc4ab91e6 Mon Sep 17 00:00:00 2001

From: Jakub Filak <jfilak@redhat.com>

Date: Wed, 22 Oct 2014 08:00:39 +0200

Subject: [LIBREPORT PATCH 100/105] ureport: allow multiple cert file in

 rhsm-entitlement dir

Thanks Martin Milata <mmilata@redhat.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1140224#c6

Related to #1140224

Signed-off-by: Jakub Filak <jfilak@redhat.com>

---

 src/lib/ureport.c | 54 +++++++++++++++++++++++-------------------------------

 1 file changed, 23 insertions(+), 31 deletions(-)

diff --git a/src/lib/ureport.c b/src/lib/ureport.c

index 0e0472e..99e84ef 100644

--- a/src/lib/ureport.c

+++ b/src/lib/ureport.c

@@ -103,52 +103,44 @@ ureport_server_config_set_client_auth(struct ureport_server_config *config,

             ureport_server_config_set_url(config, xstrdup(RHSM_WEB_SERVICE_URL));

         GList *certs = get_file_list(RHSMENT_PEM_DIR_PATH, "pem");

-        if (g_list_length(certs) != 2)

+        if (g_list_length(certs) < 2)

         {

+            g_list_free_full(certs, (GDestroyNotify)free_file_obj);

+

             log_notice(RHSMENT_PEM_DIR_PATH" does not contain unique cert-key files pair");

             log_notice("Not using client authentication");

             return;

         }

-        const char *cert = NULL;

-        const char *key = NULL;

-

-        file_obj_t *fst = (file_obj_t *)certs->data;

-        file_obj_t *scn = (file_obj_t *)certs->next->data;

-

-        if (strlen(fo_get_filename(fst)) < strlen(fo_get_filename(scn)))

+        /* Use the last non-key file found. */

+        file_obj_t *cert = NULL;

+        for (GList *iter = certs; iter != NULL; iter = g_list_next(iter))

         {

-            cert = fo_get_filename(fst);

-            key = fo_get_filename(scn);

+            file_obj_t *tmp = (file_obj_t *)iter->data;

+            const char *file_name = fo_get_filename(tmp);

-            config->ur_client_cert = xstrdup(fo_get_fullpath(fst));

-            config->ur_client_key = xstrdup(fo_get_fullpath(scn));

+            if (suffixcmp(file_name, "-key"))

+                cert = tmp;

         }

-        else

+

+        if (cert == NULL)

         {

-            cert = fo_get_filename(scn);

-            key = fo_get_filename(fst);

+            g_list_free_full(certs, (GDestroyNotify)free_file_obj);

-            config->ur_client_cert = xstrdup(fo_get_fullpath(scn));

-            config->ur_client_key = xstrdup(fo_get_fullpath(fst));

+            log_notice(RHSMENT_PEM_DIR_PATH" contains only key files");

+            log_notice("Not using client authentication");

+            return;

         }

-        const bool iscomplement = prefixcmp(key, cert) != 0 || strcmp("-key", key + strlen(cert)) != 0;

-        g_list_free_full(certs, (GDestroyNotify)free_file_obj);

+        config->ur_client_cert = xstrdup(fo_get_fullpath(cert));

+        /* Yes, the key file may not exists. I over took this code from

+         * sos-uploader and they are pretty happy with this approach, so why

+         * shouldn't we?. */

+        config->ur_client_key = xasprintf("%s/%s-key.pem", RHSMENT_PEM_DIR_PATH, fo_get_filename(cert));

-        if (iscomplement)

-        {

-            log_notice("Key file '%s' isn't complement to cert file '%s'",

-                    config->ur_client_key, config->ur_client_cert);

-            log_notice("Not using client authentication");

-

-            free(config->ur_client_cert);

-            free(config->ur_client_key);

-            config->ur_client_cert = NULL;

-            config->ur_client_key = NULL;

+        log_debug("Using cert files: '%s' : '%s'", config->ur_client_cert, config->ur_client_key);

-            return;

-        }

+        g_list_free_full(certs, (GDestroyNotify)free_file_obj);

         char *certdata = xmalloc_open_read_close(config->ur_client_cert, /*no size limit*/NULL);

         if (certdata != NULL)

-- 

1.8.3.1