From 0e8ca0c02a49b052b4afb924a65d710aa8bdf548 Mon Sep 17 00:00:00 2001
From: Matteo Valentini
Date: Wed, 4 Sep 2024 18:14:05 +0200
Subject: [PATCH] upload-certificate: add validation on CN field

Check if the uploaded certificate's CN field is missing or empty.
---
 .../actions/upload-certificate/21validate_certificates | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/imageroot/actions/upload-certificate/21validate_certificates b/imageroot/actions/upload-certificate/21validate_certificates
index f57be95..ef14578 100755
--- a/imageroot/actions/upload-certificate/21validate_certificates
+++ b/imageroot/actions/upload-certificate/21validate_certificates
@@ -41,6 +41,14 @@ if ! openssl x509 -text -noout -in $CERT_FILE >/dev/null 2>&1; then
 exit 4
 fi
 
+# check it the common name is present and is not empty
+cn_name=$(openssl x509 -noout -subject -nameopt=multiline -in $CERT_FILE | sed -n 's/ *commonName *= //p')
+if [ -z "$cn_name" ]; then
+ echo "Certificate doesn't have a common name."
+ del_certs
+ exit 5
+fi
+
 # check if cert is provided by key (we compare md5 of public keys)
 cert_public_key="$(openssl x509 -noout -pubkey -in $CERT_FILE | openssl md5)"
 key_public_key="$(openssl pkey -pubout -in $KEY_FILE | openssl md5)"
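Review bot: The sed expression on the added `cn_name=` line is not anchored to the start of the line, so the text `commonName = ` inside another subject attribute's value (for example an organizationName that contains it) also produces output, and the `-z` test then passes for a certificate with no CN at all. Anchoring the pattern and quoting the path closes that gap: `cn_name=$(openssl x509 -noout -subject -nameopt=multiline -in "$CERT_FILE" | sed -n 's/^ *commonName *= //p')`. Separately, current TLS clients match hostnames against subjectAltName rather than CN, so this check will reject SAN-only certificates that are otherwise valid. If the CN is required for a local reason (presumably naming or display further down the action), the comment should say so, e.g. `# require a non-empty CN: <reason it is needed here>`.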