TT#60850 fix api cert unique serial generator

the client cert serial was taken from epoch time in secs. if a computer is fast enough, there is the chance a subsequent POST /admincert did not invalidate the old cert properly (as expected by api-cert-auth.t), but created an identical one. Change-Id: Ifd906489029efd17df0997c5aceec3ac1db08fb1
6 years ago · cf6ae55991
parent cdb22d5661
commit cf6ae55991
2 changed files with 10 additions and 3 deletions
--- a/lib/NGCP/Panel/Utils/Admin.pm
+++ b/lib/NGCP/Panel/Utils/Admin.pm
@ -98,8 +98,13 @@ sub generate_client_cert {

    my $updated;
    my ($serial, $pem, $p12);
-    while (!$updated) {
+    $serial = $c->model('DB')->resultset('admins')->get_column('ssl_client_m_serial')->max();
+    if ($serial) {
+        $serial++;
+    } else {
        $serial = time;
+    }
+    while (!$updated) {
        try {
            $pem = $c->model('CA')->make_client($c, $serial);
            $p12 = $c->model('CA')->make_pkcs12($c, $serial, $pem, 'sipwise');
--- a/t/api-rest/api-cert-auth.t
+++ b/t/api-rest/api-cert-auth.t
@ -16,7 +16,8 @@ my ($invalid_ssl_client_cert, $valid_ssl_client_cert) = _download_certs($uri);
 my ($ua, $res);
 $ua = LWP::UserAgent->new;

-SKIP: {
+SKIP1:
+{
    # invalid cert
    $ua->ssl_opts(
        SSL_cert_file => $invalid_ssl_client_cert,
@ -28,7 +29,8 @@ SKIP: {
    is($res->code, 403, "check invalid client certificate")
        || note ($res->message);
 }
-SKIP: {
+SKIP2:
+{
    $ua->ssl_opts(
        SSL_cert_file => $valid_ssl_client_cert,
        SSL_key_file => $valid_ssl_client_cert,