summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/interfaces_wireguard.xml.in12
-rw-r--r--interface-definitions/pki.xml.in32
-rw-r--r--python/vyos/system/image.py2
-rwxr-xr-xsmoketest/scripts/cli/test_pki.py26
4 files changed, 40 insertions, 32 deletions
diff --git a/interface-definitions/interfaces_wireguard.xml.in b/interface-definitions/interfaces_wireguard.xml.in
index f3fe0f1da..fba1064ef 100644
--- a/interface-definitions/interfaces_wireguard.xml.in
+++ b/interface-definitions/interfaces_wireguard.xml.in
@@ -44,9 +44,9 @@
<properties>
<help>Base64 encoded private key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<tagNode name="peer">
@@ -64,18 +64,18 @@
<properties>
<help>base64 encoded public key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="preshared-key">
<properties>
<help>base64 encoded preshared key</help>
<constraint>
- <regex>[0-9a-zA-Z\+/]{43}=</regex>
+ <validator name="base64"/>
</constraint>
- <constraintErrorMessage>Key is not valid 44-character (32-bytes) base64</constraintErrorMessage>
+ <constraintErrorMessage>Key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="allowed-ips">
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index a13a357fd..3449819be 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -14,6 +14,10 @@
<leafNode name="certificate">
<properties>
<help>CA certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CA certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
@@ -25,6 +29,10 @@
<leafNode name="key">
<properties>
<help>CA private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CA private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
@@ -38,6 +46,10 @@
<leafNode name="crl">
<properties>
<help>Certificate revocation list in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>CRL is not base64-encoded</constraintErrorMessage>
<multi/>
</properties>
</leafNode>
@@ -57,6 +69,10 @@
<leafNode name="certificate">
<properties>
<help>Certificate in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
#include <include/generic-description.xml.i>
@@ -68,6 +84,10 @@
<leafNode name="key">
<properties>
<help>Certificate private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Certificate private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
@@ -94,6 +114,10 @@
<leafNode name="parameters">
<properties>
<help>DH parameters in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>DH parameters are not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
</children>
@@ -111,6 +135,10 @@
<leafNode name="key">
<properties>
<help>Public key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Public key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
</children>
@@ -123,6 +151,10 @@
<leafNode name="key">
<properties>
<help>Private key in PEM format</help>
+ <constraint>
+ <validator name="base64"/>
+ </constraint>
+ <constraintErrorMessage>Private key is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
<leafNode name="password-protected">
diff --git a/python/vyos/system/image.py b/python/vyos/system/image.py
index c03ce02d5..514275654 100644
--- a/python/vyos/system/image.py
+++ b/python/vyos/system/image.py
@@ -241,7 +241,7 @@ def validate_name(image_name: str) -> bool:
Returns:
bool: validation result
"""
- regex_filter = re_compile(r'^[\w\.+-]{1,32}$')
+ regex_filter = re_compile(r'^[\w\.+-]{1,64}$')
if regex_filter.match(image_name):
return True
return False
diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py
index b18b0b039..2ccc63b2c 100755
--- a/smoketest/scripts/cli/test_pki.py
+++ b/smoketest/scripts/cli/test_pki.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -186,30 +186,6 @@ class TestPKI(VyOSUnitTestSHIM.TestCase):
with self.assertRaises(ConfigSessionError):
self.cli_commit()
- def test_invalid_certificate(self):
- self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', 'invalidcertdata'])
-
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
-
- def test_invalid_public_key(self):
- self.cli_set(base_path + ['key-pair', 'smoketest', 'public', 'key', 'invalidkeydata'])
-
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
-
- def test_invalid_private_key(self):
- self.cli_set(base_path + ['key-pair', 'smoketest', 'private', 'key', 'invalidkeydata'])
-
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
-
- def test_invalid_dh_parameters(self):
- self.cli_set(base_path + ['dh', 'smoketest', 'parameters', 'thisisinvalid'])
-
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
-
def test_certificate_in_use(self):
self.cli_set(base_path + ['certificate', 'smoketest', 'certificate', valid_ca_cert.replace('\n','')])
self.cli_set(base_path + ['certificate', 'smoketest', 'private', 'key', valid_ca_private_key.replace('\n','')])