
when using ottca enrollment er->cert is null and segfaults on strlen #680

Merged: 3 commits merged into release-1.x from fix-ottca-enrollment on Jul 1, 2024

Conversation

@dovholuknf (Member) commented Jun 29, 2024

fixes ottca enrollment

Build release-1.x/main, run the steps below, observe segfault.
Rebuild this branch, run the steps below, observe success; `head -5 clint.json` will show cert/key being paths in the identity file.

steps:


```bash
# build ...
sampleEnroller="$(find . -type f -name "sample_enroll" -executable -print -quit)"
if [ -z "$sampleEnroller" ]; then
  echo "sample_enroll not found; build the SDK first" >&2
  exit 1
fi

# Define variables
caName="my-third-party-ca"
zitiUser="admin"
zitiPwd="admin"
zitiCtrl="localhost:1280"

# Login to Ziti
ziti edge login "$zitiCtrl" -u "$zitiUser" -p "$zitiPwd" -y

# Define the PKI root directory
zitiPkiRoot="${PWD}"

# Remove any PKI left over from a previous run
rm -rf "${zitiPkiRoot}/pki/"

# Create a CA (the third-party CA whose certs the controller will trust)
ziti pki create ca --pki-root "${zitiPkiRoot}" --ca-file "$caName"
rootCa=$(find . -name "${caName}.cert" -print -quit)

# Register the CA on the Ziti controller for auth and ottca enrollment
ziti edge create ca "$caName" "$rootCa" --auth --ottca

# Get the verification token the controller expects as the CN of a CA-signed cert
verificationToken=$(ziti edge list cas -j | jq -r ".data | map(select(.name == \"$caName\"))[0].verificationToken")

# Create a client certificate whose CN is the verification token
ziti pki create client --pki-root "${zitiPkiRoot}" --ca-name "$caName" --client-file "$verificationToken" --client-name "$verificationToken"
verificationCert=$(find . -name "${verificationToken}.cert" -print -quit)

# Verify the CA (proves possession of the CA key to the controller)
ziti edge verify ca "$caName" --cert "$verificationCert"

# Create a new user; remove an identity of the same name from a previous run, if any
newUser="clint"
ziti edge delete identity "$newUser" 2>/dev/null || true
newUserName="clint-cn"
ziti pki create client --pki-root "${zitiPkiRoot}" --ca-name "$caName" --client-file "$newUser" --client-name "$newUserName"
newUserCert=$(find . -name "${newUser}.cert" -print -quit)
newUserKey=$(find . -name "${newUser}.key" -print -quit)
ziti edge create identity "$newUser" --external-id "$newUserName"

# Create an OTTCA enrollment for the new user
ziti edge create enrollment ottca "$newUser" "$caName"

# Get the OTTCA JWT
ottcajwt=$(ziti edge list identities "name contains \"$newUser\"" -j | jq -r '.data[].enrollment.ottca.jwt')

# Write the JWT to a file without a newline at the end
echo -n "$ottcajwt" > "${newUser}.jwt"

# Remove the identity file from a previous run, if any
rm -f "${newUser}.json"

# Enroll: the cert/key come from the third-party CA, not from the controller
"$sampleEnroller" "${newUser}.jwt" "${newUser}.json" "$newUserKey" "$newUserCert"
```

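The failure mode in the PR title is that an ottca enrollment response carries no controller-issued cert, so `er->cert` is NULL and the unguarded `strlen` crashes; the described fix is that the identity file then refers to the CA-issued cert and key by path. The following C program is an added example written for this page, not the SDK's own code: the `enroll_resp`, `enroll_opts` and `identity_id` structs, the `pem:`/`file:` prefixes and the sample paths are all assumptions made for illustration. It shows the null-safe selection between inline PEM from the controller and a `file:` reference to the caller's path, and refuses to produce a half-populated identity when neither is available.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the SDK's enrollment response (not the real
 * struct). For ott enrollment the controller returns a freshly signed cert;
 * for ottca enrollment the cert was issued by the third-party CA beforehand,
 * so the response carries none and the field stays NULL. */
typedef struct {
    const char *cert; /* PEM returned by the controller, or NULL (ottca) */
    const char *key;  /* PEM of the locally generated key, or NULL (ottca) */
} enroll_resp;

/* What the enroller receives on its command line for ottca: paths to the
 * CA-issued client cert and key (hypothetical struct). */
typedef struct {
    const char *cert_path;
    const char *key_path;
} enroll_opts;

/* Resolved "id" entries for the identity file (hypothetical struct). */
typedef struct {
    char *cert;
    char *key;
} identity_id;

/* strlen(NULL) is undefined behaviour and segfaults on mainstream libcs;
 * this is the strlen(er->cert) call from the PR title made null-safe. */
static size_t safe_strlen(const char *s) { return s ? strlen(s) : 0; }

/* Pick the value for one "id" entry: inline PEM from the controller when
 * present, otherwise a "file:" reference to the caller's path (prefixes are
 * an assumption). Returns a malloc'ed string, or NULL if neither source is usable. */
char *id_entry(const char *pem, const char *path) {
    const char *prefix, *body;
    if (safe_strlen(pem) > 0)       { prefix = "pem:";  body = pem;  }
    else if (safe_strlen(path) > 0) { prefix = "file:"; body = path; }
    else return NULL;
    size_t n = strlen(prefix) + strlen(body) + 1;
    char *out = malloc(n);
    if (out) snprintf(out, n, "%s%s", prefix, body);
    return out;
}

/* Resolve both entries. Returns 0 on success and -1 if either is missing;
 * on failure nothing is leaked and *out is zeroed so the caller cannot
 * write a half-populated identity file. */
int resolve_identity(const enroll_resp *er, const enroll_opts *opts, identity_id *out) {
    out->cert = id_entry(er->cert, opts ? opts->cert_path : NULL);
    out->key  = id_entry(er->key,  opts ? opts->key_path  : NULL);
    if (out->cert && out->key) return 0;
    free(out->cert);
    free(out->key);
    out->cert = out->key = NULL;
    return -1;
}

int main(void) {
    /* Constructed inputs: an ottca response (nothing from the controller)
     * and paths like those the script above passes as $newUserCert/$newUserKey. */
    enroll_resp ottca = { NULL, NULL };
    enroll_opts paths = { "./pki/my-third-party-ca/certs/clint.cert",
                          "./pki/my-third-party-ca/keys/clint.key" };
    identity_id id;
    if (resolve_identity(&ottca, &paths, &id) != 0) {
        fputs("no cert/key available for the identity file\n", stderr);
        return 1;
    }
    /* Real PEM contains newlines that a real writer must JSON-escape;
     * file: references never do, which is why this print is safe here. */
    printf("{\"id\":{\"cert\":\"%s\",\"key\":\"%s\"}}\n", id.cert, id.key);
    free(id.cert);
    free(id.key);
    return 0;
}
```

Run the program with no arguments; the printed `id` object carries `file:` references, which is the outcome the PR description reports for `head -5 clint.json`. Swapping the `ottca` struct for one whose `cert` and `key` hold PEM text exercises the `pem:` branch without any path being consulted.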
@dovholuknf dovholuknf requested a review from a team as a code owner June 29, 2024 01:52
@qrkourier (Member) commented:

Potentially-related issues:

@dovholuknf dovholuknf merged commit e8fb572 into release-1.x Jul 1, 2024
9 of 10 checks passed
@dovholuknf dovholuknf deleted the fix-ottca-enrollment branch July 1, 2024 17:56