From 3edfadbdadd249b165bd4988fee6fa482697d456 Mon Sep 17 00:00:00 2001
From: Sunil Ganatra
Date: Tue, 27 Jan 2026 10:48:32 +0530
Subject: [PATCH] AMBARI-26569 Added fix for two-way ssl
---
 ambari-agent/src/main/python/ambari_agent/security.py | 10 +++++-----
 .../src/test/python/ambari_agent/TestSecurity.py | 3 +++
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/ambari-agent/src/main/python/ambari_agent/security.py b/ambari-agent/src/main/python/ambari_agent/security.py
index 10410a5959d..2c55a205a54 100644
--- a/ambari-agent/src/main/python/ambari_agent/security.py
+++ b/ambari-agent/src/main/python/ambari_agent/security.py
@@ -247,7 +247,7 @@ def getSrvrCrtName(self):
 def checkCertExists(self):
 s = os.path.abspath(self.config.get("security", "keysdir")) + os.sep + "ca.crt"
- server_crt_exists = os.path.exists(s)
+ server_crt_exists = os.path.exists(s) and os.path.getsize(s) > 0
 if not server_crt_exists:
 logger.info("Server certicate not exists, downloading")
@@ -255,7 +255,7 @@ def checkCertExists(self):
 else:
 logger.info("Server certicate exists, ok")
- agent_key_exists = os.path.exists(self.getAgentKeyName())
+ agent_key_exists = os.path.exists(self.getAgentKeyName()) and os.path.getsize(self.getAgentKeyName()) > 0
 if not agent_key_exists:
 logger.info("Agent key not exists, generating request")
@@ -263,7 +263,7 @@ def checkCertExists(self):
 else:
 logger.info("Agent key exists, ok")
- agent_crt_exists = os.path.exists(self.getAgentCrtName())
+ agent_crt_exists = os.path.exists(self.getAgentCrtName()) and os.path.getsize(self.getAgentCrtName()) > 0
 if not agent_crt_exists:
 logger.info("Agent certificate not exists, sending sign request")
@@ -280,7 +280,7 @@ def loadSrvrCrt(self):
 response = stream.read()
 stream.close()
 srvr_crt_f = open(self.getSrvrCrtName(), "w+")
- srvr_crt_f.write(response)
+ srvr_crt_f.write(response if isinstance(response, str) else response.decode('utf-8'))
 srvr_crt_f.close()
 def reqSignCrt(self):
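Review bot: The added `os.path.exists(...) and os.path.getsize(...) > 0` test in checkCertExists only proves the file is non-empty, so a truncated or unparseable ca.crt, agent key or agent certificate is still treated as present and never re-fetched; the same pattern repeats in the hunks at lines 255 and 263. Each check stats the path twice, and `os.path.getsize` raises OSError if the file is removed or becomes unreadable between the two calls. One small helper used by all three checks would cover this, with a body along the lines of `try: return os.path.getsize(path) > 0` and `except OSError: return False`. The "not exists" log messages are now also emitted for a zero-length file, so "missing or empty" would describe the branch more accurately. checkCertExists continues outside these hunks.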
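Review bot: In the loadSrvrCrt hunk the decode inside `srvr_crt_f.write(...)` runs after `open(self.getSrvrCrtName(), "w+")` has already truncated ca.crt, so a response that is not valid UTF-8 raises with the CA file left empty and the handle never closed. The response is also written as the agent's CA file with no check that it looks like a certificate; how the stream is opened is outside the hunk, so whether the download is authenticated cannot be judged from here. Decoding before the target is opened, and writing through a temporary file that is then moved into place, keeps the previous ca.crt intact when anything fails. loadSrvrCrt starts above the hunk.

```python
    stream.close()
    # Decode before opening the target so a bad response cannot truncate an existing ca.crt.
    crt_text = response if isinstance(response, str) else response.decode('utf-8')
    crt_name = self.getSrvrCrtName()
    tmp_name = crt_name + ".tmp"
    with open(tmp_name, "w") as srvr_crt_f:
      srvr_crt_f.write(crt_text)
    # Move into place only once the full content has been written.
    os.replace(tmp_name, crt_name)
```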
@@ -291,7 +291,7 @@ def reqSignCrt(self):
 passphrase_env_var = self.config.get("security", "passphrase_env_var_name")
 passphrase = os.environ[passphrase_env_var]
 register_data = {"csr": agent_crt_req_content, "passphrase": passphrase}
- data = json.dumps(register_data)
+ data = json.dumps(register_data).encode('utf-8')
 proxy_handler = urllib.request.ProxyHandler({})
 opener = urllib.request.build_opener(proxy_handler)
 urllib.request.install_opener(opener)
diff --git a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
index 80093d76f71..40d75fac2b0 100644
--- a/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
+++ b/ambari-agent/src/test/python/ambari_agent/TestSecurity.py
@@ -156,6 +156,7 @@ def test_getSrvrCrtName(self):
 self.assertEqual(res, os.path.abspath("/dummy-keysdir/ca.crt"))
 @patch("os.path.exists")
+ @patch("os.path.getsize")
 @patch.object(security.CertificateManager, "loadSrvrCrt")
 @patch.object(security.CertificateManager, "getAgentKeyName")
 @patch.object(security.CertificateManager, "genAgentCrtReq")
@@ -169,6 +170,7 @@ def test_checkCertExists(
 getAgentKeyName_mock,
 loadSrvrCrt_mock,
 exists_mock,
+ getsize_mock,
 ):
 self.config.set("security", "keysdir", "/dummy-keysdir")
 getAgentKeyName_mock.return_value = "dummy AgentKeyName"
@@ -177,6 +179,7 @@ def test_checkCertExists(
 # Case when all files exist
 exists_mock.side_effect = [True, True, True]
+ getsize_mock.return_value = 100
 man.checkCertExists()
 self.assertFalse(loadSrvrCrt_mock.called)
 self.assertFalse(genAgentCrtReq_mock.called)
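Review bot: The new `getsize_mock` parameter of test_checkCertExists is in the wrong position: stacked `@patch` decorators pass their mocks bottom-up, and `@patch("os.path.getsize")` sits below `@patch("os.path.exists")`, so the getsize mock arrives before the exists mock. As written, `exists_mock` is bound to the `os.path.getsize` patch and `getsize_mock` to the `os.path.exists` patch, and the case passes only because `100` is truthy and `True > 0` holds. The signature should end `loadSrvrCrt_mock, getsize_mock, exists_mock,` (this spans the hunks at lines 156 and 169). There is also no visible case where the file exists but `getsize_mock.return_value = 0`, which is the behaviour this commit adds; the rest of the test is outside the hunk.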