
Commit ffa9040

authored
fix(certs): allow empty Common Name in certificates (#1024)
Fixes #1000
1 parent a2b8428 commit ffa9040

6 files changed

Lines changed: 119 additions & 1 deletion


Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
# -*- coding: utf-8 -*-
2+
# Generated by Django 1.10 on 2016-08-30 01:04
3+
from __future__ import unicode_literals
4+
5+
from django.db import migrations, models
6+
7+
8+
class Migration(migrations.Migration):
9+
10+
dependencies = [
11+
('api', '0015_auto_20160822_2103'),
12+
]
13+
14+
operations = [
15+
migrations.AlterField(
16+
model_name='certificate',
17+
name='common_name',
18+
field=models.TextField(editable=False, null=True),
19+
),
20+
]

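--- a/rootfs/api/models/certificate.py
+++ b/rootfs/api/models/certificate.py
@@ -81,7 +81,7 @@ class Certificate(AuditedModel):
 certificate = models.TextField(validators=[validate_certificate])
 key = models.TextField()
 # X.509 certificates allow any string of information as the common name.
-common_name = models.TextField(editable=False, unique=False)
+common_name = models.TextField(editable=False, unique=False, null=True)
 # A list of DNS records if certificate has SubjectAltName
 san = ArrayField(models.CharField(max_length=253), null=True)
 # SHA256 fingerprint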
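Review bot: The comment above `common_name` still reads as if a common name is always present, while the new `null=True` makes NULL a stored state that every reader of the field has to handle. I would update it to say so, e.g. `# X.509 allows any string as the common name; NULL means the subject carries no CN.` Code outside this hunk that compares or matches `common_name` against domain names presumably needs a None guard as well; that is not visible here and is worth confirming before merge. The Certificate class starts and ends outside the hunk.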
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDZjCCAk4CCQDeqDhK+PmamDANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJV
3+
UzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNGMREwDwYDVQQKEwhEZWlzIEluYzEU
4+
MBIGA1UECxMLRW5naW5lZXJpbmcxIzAhBgkqhkiG9w0BCQEWFGVuZ2luZWVyaW5n
5+
QGRlaXMuY29tMB4XDTE2MDgzMDAwNTE1NFoXDTE3MDgzMDAwNTE1NFowdTELMAkG
6+
A1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQHEwJTRjERMA8GA1UEChMIRGVp
7+
cyBJbmMxFDASBgNVBAsTC0VuZ2luZWVyaW5nMSMwIQYJKoZIhvcNAQkBFhRlbmdp
8+
bmVlcmluZ0BkZWlzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
9+
AKMjs+IP0V1Fwgn4FNLvsGn1d4TlshXBEFeLUxFVPBKIRSy3TiVNpIFmkJfV+Car
10+
JH26e1I65oX0r58w1OvhCmepzGsvij63+u81XPx0xe6CffUiy36Sv6M6ezVF3mrC
11+
e4FvdM2eCCMYJvKYoQKpUFyIPOyfX6lZSjhDjcVdw6mLgboWh5hz9k3Vu1U7mwQd
12+
l2FJTuwXnexQ5cRU9HzcEnA3RJAhlzcw/Ns11HVKuDZHdbvqIy5hKF99bxf5XnNg
13+
QSI6KKALsFFKqCJsJ0MRXXQPuGK87meqjGnRbXVYh8/splN6DkCicTQ6pPrl0zRo
14+
XikRxxE6VviOHpHD6KDrR/8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAQjsDk1Bc
15+
+/fSM2ksuue+MPnXfpqTW+yZZ6HvyCsODt3R8Z5cHtsesBywWxtGXPGYAFuUKcHJ
16+
eibo7z2o71eO0vx0tQQH/+y6Dw+5h8RHb/XTj/vMvnYSeQ2R+yVbGP/v/PWfeni/
17+
13QlEZmW2Bi4v8D/z+FacumZ4nZF6LrXG/OmygoTA/UDB5yAiH0G8L2xHfS5xy8s
18+
gRNXFXIUScA1iTFQgYEPRorzLwYtKBlGsr6wEbehkbq4D+1KjJa7aEukAakxGHAR
19+
000i9TMno4EDivZUC0xfQaXvBFfCHu/hrj1H3Obw1gWTKjsCe6QZwb+mWgbOcL4U
20+
2Ul1nLoBiMR6Kg==
21+
-----END CERTIFICATE-----
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
-----BEGIN CERTIFICATE REQUEST-----
2+
MIICujCCAaICAQAwdTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQH
3+
EwJTRjERMA8GA1UEChMIRGVpcyBJbmMxFDASBgNVBAsTC0VuZ2luZWVyaW5nMSMw
4+
IQYJKoZIhvcNAQkBFhRlbmdpbmVlcmluZ0BkZWlzLmNvbTCCASIwDQYJKoZIhvcN
5+
AQEBBQADggEPADCCAQoCggEBAKMjs+IP0V1Fwgn4FNLvsGn1d4TlshXBEFeLUxFV
6+
PBKIRSy3TiVNpIFmkJfV+CarJH26e1I65oX0r58w1OvhCmepzGsvij63+u81XPx0
7+
xe6CffUiy36Sv6M6ezVF3mrCe4FvdM2eCCMYJvKYoQKpUFyIPOyfX6lZSjhDjcVd
8+
w6mLgboWh5hz9k3Vu1U7mwQdl2FJTuwXnexQ5cRU9HzcEnA3RJAhlzcw/Ns11HVK
9+
uDZHdbvqIy5hKF99bxf5XnNgQSI6KKALsFFKqCJsJ0MRXXQPuGK87meqjGnRbXVY
10+
h8/splN6DkCicTQ6pPrl0zRoXikRxxE6VviOHpHD6KDrR/8CAwEAAaAAMA0GCSqG
11+
SIb3DQEBBQUAA4IBAQB9yz4nqA1akJX+AtNZP/xDXgsfBB35zfOrzvuLVOU4S0kG
12+
Y488FwrhwI62HbOi6rRADQ0mCrgH4H2l+6seH8OEB12hI9KIPIBQCK+TJJPBlhgY
13+
rFDpG05n3M0oq86FQ0iOxSdDZ562E5fPVi3YaQZvgrWnX6S/YGB37m9Dblf5gzGz
14+
TftjOi34LA0LWkJCwMTARUGR943LURufYyduotQw8/3oKbQSOAWCub7beEPQenBB
15+
OXR3hBfQCtOPY0NbuBGSRqBuJbfoFJbMlK5TNI0bYBH+w7RHzw3y36cogHVz8ioT
16+
EMch2kgSeUTsKyjCIp3BS2hyk2PqHYvu2Eud++Er
17+
-----END CERTIFICATE REQUEST-----
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
-----BEGIN RSA PRIVATE KEY-----
2+
MIIEowIBAAKCAQEAoyOz4g/RXUXCCfgU0u+wafV3hOWyFcEQV4tTEVU8EohFLLdO
3+
JU2kgWaQl9X4Jqskfbp7UjrmhfSvnzDU6+EKZ6nMay+KPrf67zVc/HTF7oJ99SLL
4+
fpK/ozp7NUXeasJ7gW90zZ4IIxgm8pihAqlQXIg87J9fqVlKOEONxV3DqYuBuhaH
5+
mHP2TdW7VTubBB2XYUlO7Bed7FDlxFT0fNwScDdEkCGXNzD82zXUdUq4Nkd1u+oj
6+
LmEoX31vF/lec2BBIjoooAuwUUqoImwnQxFddA+4YrzuZ6qMadFtdViHz+ymU3oO
7+
QKJxNDqk+uXTNGheKRHHETpW+I4ekcPooOtH/wIDAQABAoIBACi2STbaIbJ4LSNV
8+
wMSfQlQ/CNOmitm4834Va+aAcdxiG3k8SYkvpiUQ1na91A66WQHzXsE3p724QXel
9+
tQ0kfPc/vZ7mH0blnP7DP3BVJ+wMrqhVRZlRv/dZKdQymn3kCPRVPz3s+TTg2x9h
10+
jZTfcgmVija20yWs/cOqwB+H9cNCgkwC86DQOLVOL67+nKXt4lDra23gEf9lqNJB
11+
XtHQZhSFJQEGGetu6wTFTVw7nzKbtAnepwLGyG/mDm0z3rygzFmtw80jkEuhAALZ
12+
wwBVKVsKKMHow4VQi6mKEtZjEG42UxXIeWXOSiKNlq7pd9QZrxdH8CVSvNeV+aAT
13+
IMxXn4ECgYEA1CjLh2yvYPyB7FDoEObEcR+2uedIbOTKufTLLN8u6eDcQ+FtJwPb
14+
AP1s1TmoOcRDlvzTbFZj+PL3dZyakCqUY8QFIFL1viGVVhfYDGIfEFMQ5gFDibJI
15+
acGt3hvQvkCHxZgREWtLDkP8Oa8mHR/BVjKAHPB6nBwy9An/uIzSysECgYEAxNnC
16+
1+p3mFiXhb5mrDaieoCIKueL7w/DRqAHfEbM61/0oDJPpsHrPbDbWwcWwWdveOqn
17+
sQOhySd0tFsC9OhOAGwu55qnonbQW7uRNijuRIxNYsqi9dLTNfyO3neJxzE3LtZe
18+
95HWDJG8s5J/Kd7Ymai6RtK01UMGa0josSCwgr8CgYBP92hvjPm1trdJ2Vz/MdwN
19+
P4TiIVjdIod++9OxABZwtP6Q32EC+aMMhnkFDYxo6Z8IRBd0mENqTDoVrIddm47+
20+
452DB4H0vjfJkYcvc7R9tLGD4CoSto4wvn3IX/eYHj6OrbiRNj2+DMX/ABN/mr6G
21+
vNYpEkNEoCRcc4BdkUbKgQKBgCbIgIrptwZc7f17td7YJMrd5/YMCJXhFSgk/1SM
22+
3nLBRQEK6IaCTkapQY59pw4TwvKfyMonXQi0rVmbVMnLuxJ6PgODhOONZR+tpL52
23+
8fqvac+8/L5R+yr3x24tPwfvul+P/MXqBbIURIlco5EsRqB/jbPGb7pUqj8Y7j93
24+
oU8hAoGBAM2MnUkMY2in824b2qLZladhy+ng15tUpuyUjYNPkhW9OHcu69SzLjc4
25+
efHltxLv5rWh2U7++8T2wUx1wBywcMqfqBgCyXQSBvWgFsJlc2OXyrsdk+xzY+Le
26+
FhwsVy9OL/X2SHCxMersB/9wjaumjtIkehpONhDh/6h71VTkSfQa
27+
-----END RSA PRIVATE KEY-----
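Review bot: This file adds an unencrypted RSA private key to the repository, and nothing on the page marks it as a throwaway fixture. The test in this commit reads it from `certs/self-signed.key` under TEST_ROOT, so a short README in that directory stating that the keys are generated for tests only and must never be deployed would document the intent. The same path can be added to the secret scanner's allowlist so that real findings are not drowned out.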

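--- a/rootfs/api/tests/test_certificate.py
+++ b/rootfs/api/tests/test_certificate.py
@@ -99,6 +99,39 @@ def test_get_certificate_screens_data(self):
 for key, value in list(expected.items()):
 self.assertEqual(response.data[key], value, key)
 
+def test_get_certificate_self_signed(self):
+"""
+Load a certificate without Common Name (self signed most likely)
+"""
+with open('{}/certs/{}.key'.format(TEST_ROOT, 'self-signed')) as f:
+key = f.read()
+
+with open('{}/certs/{}.cert'.format(TEST_ROOT, 'self-signed')) as f:
+cert = f.read()
+
+response = self.client.post(
+self.url,
+{
+'name': 'random-test-cert-self',
+'certificate': cert,
+'key': key
+}
+)
+self.assertEqual(response.status_code, 201, response.data)
+
+response = self.client.get('{}/{}'.format(self.url, 'random-test-cert-self'))
+self.assertEqual(response.status_code, 200, response.data)
+
+expected = {
+'common_name': None,
+'expires': '2017-08-30T00:51:54Z',
+'fingerprint': 'AD:F7:AF:C2:E1:3D:F5:26:47:4E:B9:2D:1C:75:AD:26:6F:05:2C:A7:6F:24:84:A2:8C:39:B3:3F:97:AB:2C:B3', # noqa
+'san': [],
+'domains': [],
+}
+for key, value in list(expected.items()):
+self.assertEqual(response.data[key], value, key)
+
 def test_certficate_denied_requests(self):
 """Disallow put/patch requests"""
 response = self.client.put(self.url)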
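Review bot: The test name and docstring describe a self-signed certificate, but what the assertions pin is a subject with no Common Name (`'common_name': None`); being self-signed is incidental to that. Naming it `test_get_certificate_without_common_name`, with a one-line docstring saying that a certificate whose subject has no Common Name is accepted and reports `common_name` as None, would state what is covered. The final loop also rebinds `key`, which held the private key text read at the top of the method; `for field, value in expected.items():` avoids the reuse. The enclosing test class is outside the hunk.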
