[Pki-devel] [PATCH] 0036 Use SimpleProperties to handle raw profile format
Fraser Tweedale
ftweedal at redhat.com
Thu May 21 14:37:45 UTC 2015
On Tue, May 19, 2015 at 10:42:28AM -0500, Endi Sukma Dewata wrote:
> On 5/19/2015 8:20 AM, Fraser Tweedale wrote:
> >This patch fixes an issue when handling the "raw" (property-list)
> >profile format.
>
> There seems to be a dependency issue. The SimpleProperties belongs to the
> server package, and the pki CLI belongs to the tools package which may exist
> on a client machine without the server packages. Does build work?
>
> I think there are two ways to resolve this:
>
> 1. Move SimpleProperties into the common package (e.g.
> com.netscape.certsrv.base) and undo the new dependencies added for cmscore.
>
> 2. We keep two profile formats:
> * SimpleProperties for profile configs stored in instance folder
> * Properties for profile configs accessed via REST
> The profile configs stored in LDAP can use either format. The REST
> service/profile subsystem will act as a translator between the two formats.
>
> With option #2 a problem with might happen if we retrieve a profile config
> via REST then store it directly in the instance folder or in LDAP, or vice
> versa. If we stick to one mechanism we wouldn't see a problem.
>
> Considering we're going to remove the profile configs in the instance folder
> eventually (and possibly changing the LDAP format to be platform agnostic)
> there would be less risk of intermixing the two formats. But if it's still
> considered a risk anyway then we should go with option #1.
>
> --
> Endi S. Dewata
Thanks Endi for the review. Updated patch attached - with it I took
a different approach: in ProfileService first read the file with
Properties then copy the data into a SimpleProperties for writing
out to storage. Thus no changes to client needed.
Cheers,
Fraser
-------------- next part --------------
>From 44e6043dea0d5b6bc36ddd9e70a485493b8d8316 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 21 May 2015 02:43:31 -0400
Subject: [PATCH] Use SimpleProperties to handle raw profile format
The store() method of the 'Properties' class escapes '=' and ':' in
values, corrupting the profile data. Continue using 'Properties' to
read the input (unescaping values) then copy the properties into a
'SimpleProperties' object so that unwanted backslashes do not appear
in the output.
---
.../dogtagpki/server/ca/rest/ProfileService.java | 23 ++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
index 78f89b01231c17128c1fcea5fe3d38e073a5efc7..0e708f4f447dcf3904a2ea9f5daaadb3e2273086 100644
--- a/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
+++ b/base/ca/src/org/dogtagpki/server/ca/rest/ProfileService.java
@@ -80,6 +80,7 @@ import com.netscape.cms.realm.PKIPrincipal;
import com.netscape.cms.servlet.base.PKIService;
import com.netscape.cms.servlet.profile.PolicyConstraintFactory;
import com.netscape.cms.servlet.profile.PolicyDefaultFactory;
+import com.netscape.cmscore.base.SimpleProperties;
/**
* @author alee
@@ -537,6 +538,8 @@ public class ProfileService extends PKIService implements ProfileResource {
Map<String, String> auditParams = new LinkedHashMap<String, String>();
String profileId = null;
String classId = null;
+ // First read the data into a Properties to process escaped
+ // separator characters (':', '=') in values
Properties properties = new Properties();
try {
// load data and read profileId and classId
@@ -555,9 +558,16 @@ public class ProfileService extends PKIService implements ProfileResource {
properties.remove("profileId");
properties.remove("classId");
+ // Now copy into SimpleProperties to avoid unwanted escapes
+ // of separator characters in output
+ SimpleProperties simpleProperties = new SimpleProperties();
+ for (String k : properties.stringPropertyNames()) {
+ simpleProperties.setProperty(k, properties.getProperty(k));
+ }
+
try {
ByteArrayOutputStream out = new ByteArrayOutputStream();
- properties.store(out, null);
+ simpleProperties.store(out, null);
data = out.toByteArray(); // original data sans profileId, classId
IProfile profile = ps.getProfile(profileId);
@@ -655,6 +665,8 @@ public class ProfileService extends PKIService implements ProfileResource {
throw new BadRequestException("Cannot change profile data. Profile must be disabled");
}
+ // First read the data into a Properties to process escaped
+ // separator characters (':', '=') in values
Properties properties = new Properties();
try {
properties.load(new ByteArrayInputStream(data));
@@ -664,6 +676,13 @@ public class ProfileService extends PKIService implements ProfileResource {
properties.remove("profileId");
properties.remove("classId");
+ // Now copy into SimpleProperties to avoid unwanted escapes
+ // of separator characters in output
+ SimpleProperties simpleProperties = new SimpleProperties();
+ for (String k : properties.stringPropertyNames()) {
+ simpleProperties.setProperty(k, properties.getProperty(k));
+ }
+
try {
IProfile profile = ps.getProfile(profileId);
if (profile == null) {
@@ -671,7 +690,7 @@ public class ProfileService extends PKIService implements ProfileResource {
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
- properties.store(out, null);
+ simpleProperties.store(out, null);
data = out.toByteArray(); // original data sans profileId, classId
profile.getConfigStore().load(new ByteArrayInputStream(data));
--
2.1.0
More information about the Pki-devel
mailing list