search

chef-boneyard / windows

Development repository for Chef Cookbook windows
https://supermarket.chef.io/cookbooks/windows
Apache License 2.0
253 stars 270 forks source link

Passwords with special characters don't get escaped for powershell commands #582

Closed chadmccune closed 5 years ago

chadmccune commented 6 years ago

Cookbook version

5.1.3

Chef-client version

14.5.33

Platform Details

Windows Server 2k16

Scenario:

If pfx password contains special characters like $ or \, they are not escaped and the resource fails with an error message that is not accurate of the true problem: "ArgumentError: invalid byte sequence in UTF-8"

Steps to Reproduce:

Create a pfx with a password containing $

Expected Result:

Certificate should install as expected

Actual Result:

ArgumentError: invalid byte sequence in UTF-8

welcomebot commented 6 years ago

Hey There It looks like this is the first issue you've filed against the chef-cookbooks project. I'm here to offer you a bit of extra help to make sure we can quickly get back to you. Make sure you've filled out all the fields in our issue template. Make sure you've provided us with the version of chef-client you're running, your operating system and the version of the cookbook. If you're not using the most up to date version of the cookbook then please make sure to update first. Lots of things change between versions even if you're issue isn't listed in the changelog. Finally please give us a detailed description of the issue you're having. The more we know about what you're trying to do, what actually happens, and how you can reproduce the problem, the better.

If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution.

dheerajd-msys commented 5 years ago

Hi @chadmccune, pfx_password property doesn't allow non-English OR any special characters to be included in the certificate.

Please check : https://social.msdn.microsoft.com/Forums/en-US/0c509e19-7c5f-4f6f-8b74-8191c3c8bd02/unable-to-import-pfx-certificate-in-automation?forum=azureautomation

Also I've check it manually : 

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che$f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che@f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che%f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che.f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che!f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che\\!f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che\!f123
Mac verify error: invalid password?

PS E:\Backup\Project\chef-starter\chef-repo\cookbooks> openssl pkcs12 -in C:/certs/test-cert.pfx -nodes -passin pass:che^f123
Mac verify error: invalid password?

So we are working on to send proper validation message for same.

Thank you.

dheerajd-msys commented 5 years ago

HI @chadmccune, Please ignore my above comments. I've fixed the issue in PRs attached to this issue.

Thanks