[BUG] TLS examples don't work with default bash IFS #495

Open
vt102 opened this issue Jun 27, 2022 · 1 comment
Labels
bug Something isn't working

vt102 commented Jun 27, 2022

Describe the bug
In https://github.com/aws/aws-app-mesh-examples/blob/main/walkthroughs/tls-with-acm/README.md Step 2: Create a Certificate, the aws acm-pca issue-certificate step fails as follows:

[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CSR=`aws acm-pca get-certificate-authority-csr \
>     --certificate-authority-arn ${ROOT_CA_ARN} \
>     --query Csr --output text`
[ec2-user@ip-172-31-70-72 ~]$ AWS_CLI_VERSION=$(aws --version 2>&1 | cut -d/ -f2 | cut -d. -f1)
[ec2-user@ip-172-31-70-72 ~]$ [[ ${AWS_CLI_VERSION} -gt 1 ]] && ROOT_CA_CSR="$(echo ${ROOT_CA_CSR} | base64)"
[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CERT_ARN=`aws acm-pca issue-certificate \
>     --certificate-authority-arn ${ROOT_CA_ARN} \
>     --template-arn arn:aws:acm-pca:::template/RootCACertificate/V1 \
>     --signing-algorithm SHA256WITHRSA \
>     --validity Value=10,Type=YEARS \
>     --csr "${ROOT_CA_CSR}" \
>     --query CertificateArn --output text`

An error occurred (ValidationException) when calling the IssueCertificate operation: 1 validation error detected: Value at 'csr' failed to satisfy constraint: Member must satisfy regular expression pattern: -----BEGIN CERTIFICATE REQUEST-----\r?\n([A-Za-z0-9/+]{64}\r?\n)*[A-Za-z0-9/+]{1,64}={0,2}\r?\n-----END CERTIFICATE REQUEST-----(\r?\n)?.
[ec2-user@ip-172-31-70-72 ~]$ echo $ROOT_CA_CSR | base64 -d
-----BEGIN CERTIFICATE REQUEST----- MIIC6jCCAdICAQAwgYIxCbase64: invalid input

The issue appears to be the CSR format:

[ec2-user@ip-172-31-70-72 ~]$ ROOT_CA_CSR=`aws acm-pca get-certificate-authority-csr \
>     --certificate-authority-arn ${ROOT_CA_ARN} \
>     --query Csr --output text`
[ec2-user@ip-172-31-70-72 ~]$ echo $ROOT_CA_CSR
-----BEGIN CERTIFICATE REQUEST----- MIIC6jCCAdICAQAwgYIxCzAJBgNVBAYTAlVTMRowGAYDVQQKDBFBcHAgTWVzaCBF eGFtcGxlczEUMBIGA1UECwwLVExTIEV4YW1wbGUxCzAJBgNVBAgMAldBMSIwIAYD ...teaKGrewvobYC8EKU2MMNfM+TNYeO9OBGgc74iamdXIPB9WWYCX9a0AIpRcenO0C 0eIZIIC8q/Ohy5o0E5epoKLnHX1xsqcfbsO1tkWI -----END CERTIFICATE REQUEST-----

This weird formatting appears to be caused by Bash's IFS (internal field separator) behavior.

[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
$' \t\n'
[ec2-user@ip-172-31-70-72 ~]$ FOO=`cat foo.txt`
[ec2-user@ip-172-31-70-72 ~]$ echo $FOO
foo bar baz
[ec2-user@ip-172-31-70-72 ~]$ IFS=
[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
''
[ec2-user@ip-172-31-70-72 ~]$ FOO=`cat foo.txt`
[ec2-user@ip-172-31-70-72 ~]$ echo $FOO
foo
bar
baz

Platform
Amazon Linux 4.14.281-212.502.amzn2.x86_64, bash 4.2.46(2)

To Reproduce
Steps to reproduce the behavior:

  1. Confirm you have the default IFS for bash:
[ec2-user@ip-172-31-70-72 ~]$ printf '%q\n' "$IFS"
$' \t\n'
  2. Walk through steps of https://github.com/aws/aws-app-mesh-examples/blob/main/walkthroughs/tls-with-acm/README.md#step-2-create-a-certificate
@vt102 vt102 added the bug Something isn't working label Jun 27, 2022
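
The failure reported above, reproduced offline as an added example (not code from the issue or from the aws-app-mesh-examples repository): an unquoted expansion under the default IFS collapses a PEM's newlines, while a quoted expansion keeps them. The sample CSR is constructed PEM-shaped text, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text only, not a real CSR.
sample_csr() {
  printf '%s\n' \
    '-----BEGIN CERTIFICATE REQUEST-----' \
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' \
    'QUJDREVGR0g=' \
    '-----END CERTIFICATE REQUEST-----'
}

# Line-by-line approximation of the pattern in the ValidationException
# (the optional \r is not handled). Runs in a subshell: no globals leak.
pem_shape_ok() (
  first=$(printf '%s\n' "$1" | sed -n '1p')
  last=$(printf '%s\n' "$1" | sed -n '$p')
  [ "$first" = '-----BEGIN CERTIFICATE REQUEST-----' ] || exit 1
  [ "$last" = '-----END CERTIFICATE REQUEST-----' ] || exit 1
  body=$(printf '%s\n' "$1" | sed '1d;$d')
  [ -n "$body" ] || exit 1
  # Every body line except the last must be exactly 64 base64 characters.
  if printf '%s\n' "$body" | sed '$d' | grep -Evq '^[A-Za-z0-9/+]{64}$'; then
    exit 1
  fi
  printf '%s\n' "$body" | sed -n '$p' | grep -Eq '^[A-Za-z0-9/+]{1,64}={0,2}$'
)

# Unquoted expansion under the default IFS, as in `echo ${ROOT_CA_CSR}`.
collapse_unquoted() ( unset IFS; echo $1 )

# Quoted expansion: no word splitting, so the newlines survive.
preserve_quoted() { printf '%s\n' "$1"; }

# The walkthrough's base64 step for AWS CLI v2, unquoted and quoted.
encode_unquoted() ( unset IFS; echo $1 | base64 )
encode_quoted() { printf '%s\n' "$1" | base64; }

# Decode and re-check: does the encoded value still hold a well-formed PEM?
roundtrip_ok() { pem_shape_ok "$(printf '%s\n' "$1" | base64 -d)"; }

csr=$(sample_csr)
pem_shape_ok "$(preserve_quoted "$csr")" && echo 'quoted: PEM shape intact'
pem_shape_ok "$(collapse_unquoted "$csr")" || echo 'unquoted: newlines collapsed to spaces'
roundtrip_ok "$(encode_quoted "$csr")" && echo 'quoted base64 round trip: ok'
roundtrip_ok "$(encode_unquoted "$csr")" || echo 'unquoted base64 round trip: malformed PEM'
```

The backtick assignment itself keeps the newlines in the variable; they are lost only where the variable is later expanded without double quotes.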
vt102 commented Jun 27, 2022

I'll work up a PR soon.

@bendu bendu mentioned this issue Jun 30, 2022