[Pulp-list] pulp3 remote ca_cert
Dennis Kliban
dkliban at redhat.com
Wed Jan 8 16:21:14 UTC 2020
On Wed, Jan 8, 2020 at 11:06 AM Bin Li (BLOOMBERG/ 120 PARK) <
bli111 at bloomberg.net> wrote:
>
> Also tried to compare the hexdigest from the ca_cert input string
>
> hashlib.sha256(bytes(ca_cert_string, "utf8")).hexdigest()
>
>
That should work. Pulp does the exact same thing when serializing these
fields[0]. Can you please file an issue?
[0]
https://github.com/pulp/pulpcore/blob/master/pulpcore/app/serializers/fields.py#L289
> It is still doesn't match what pulp gives. What else should I try?
>
> Thanks
>
>
>
> From: Bin Li (BLOOMBERG/ 120 PARK) At: 01/08/20 10:29:19
> To: dkliban at redhat.com
> Cc: pulp-list at redhat.com
> Subject: Re: [Pulp-list] pulp3 remote ca_cert
>
> Thanks. I tried this.
> # openssl dgst -sha256 redhat-uep.pem
> SHA256(redhat-uep.pem)=
> 39e65fabe7560d366be3bc4d133bcdef13e30d41ac552a05d182e2f66395422d
>
> It doesn't match the ca_cert in pulp. Just wondering how exactly pulp GET
> the Sha256 sum.
>
> From: dkliban at redhat.com At: 01/07/20 16:23:34
> To: Bin Li (BLOOMBERG/ 120 PARK ) <bli111 at bloomberg.net>
> Cc: pulp-list at redhat.com
> Subject: Re: [Pulp-list] pulp3 remote ca_cert
>
> The values returned are SHA256 checksums of the strings you initially
> submitted. This is documented in the Response section here[0].
>
> [0]
> https://docs.pulpproject.org/restapi.html#operation/remotes_file_file_read
>
> On Tue, Jan 7, 2020 at 1:49 PM Bin Li (BLOOMBERG/ 120 PARK) <
> bli111 at bloomberg.net> wrote:
>
>> Happy new year.
>>
>> I want to compare the cert configured in pulp with our current valid
>> entitlement cert. If they are different, the cert in pulp will be updated.
>> The question is if it is possible to compare since they always look
>> different?
>>
>> When I list a remote, the certs are showed like below
>> {
>> "ca_cert":
>> "b8bd944ff40f1756c08743800453b724f133029725dc762ed9ce6504a828a5ec",
>> "client_cert":
>> "d24baa45b4b554e782dd134e6c5f1eb1f88e1d88122d3d417b05f7f8153954a1",
>> "client_key":
>> "55ece66e807b5c979f425e55f90958b8fbc769320a0bdb5f4c3563464e8c9530",
>> ...
>> }
>>
>> This is different than the cert when I created the remote:
>> ('-----BEGIN CERTIFICATE-----\n'
>> 'MIIG/TCCBOWgAwIBAgIBNzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMx\n'
>> 'FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMu\n'
>> 'MRgwFgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50\n'
>> 'aXRsZW1lbnQgT3BlcmF0aW9ucyBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh\n'
>> 'LXN1cHBvcnRAcmVkaGF0LmNvbTAeFw0xMDEwMDQxMzI3NDhaFw0zMDA5MjkxMzI3\n'
>> 'NDhaMIGuMQswCQYDV...
>>
>>
>>
>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20200108/791122b1/attachment.htm>
More information about the Pulp-list
mailing list