From 57ed0533c65d33a87fa4c18d70b622ea2aa35f16 Mon Sep 17 00:00:00 2001
From: Arzhan Kinzhalin <arzhan.i.kinzhalin@intel.com>
Date: Tue, 7 Nov 2017 08:14:39 +0000
Subject: [PATCH] Handle spaces in filenames properly.

---
 clrtrust                                 | 18 +++++-----
 test/add-remove-with-spaces.bats         | 44 ++++++++++++++++++++++++
 test/certs/Baltimore CyberTrust Root.crt | 21 +++++++++++
 3 files changed, 75 insertions(+), 8 deletions(-)
 create mode 100755 test/add-remove-with-spaces.bats
 create mode 100644 test/certs/Baltimore CyberTrust Root.crt

diff --git a/clrtrust b/clrtrust
index 5348bd4..5342b36 100755
--- a/clrtrust
+++ b/clrtrust
@@ -34,7 +34,7 @@ is_root_ca() {
     # if issuer and subject match, then it's a self-signed certificate, the only
     # indication of a Root CA we need to take into account (X.509v3 extensions
     # are not)
-    t=$(openssl x509 -in $1 -noout -issuer -subject 2>/dev/null      \
+    t=$(openssl x509 -in "$1" -noout -issuer -subject 2>/dev/null      \
             | sed -e 's/^\(issuer\|subject\)=//' | uniq | wc -l)
     test $t -eq 1
 }
@@ -161,7 +161,9 @@ $tmp"
     mkdir -p $CLR_STORE_STAGE/anchors
     mkdir -p $CLR_STORE_STAGE/compat
 
-    echo "${ca_certs}" | cut -f 1 | xargs cp -t $CLR_STORE_STAGE/anchors
+    if [ ! -z "${ca_certs}" ]; then
+        echo "${ca_certs}" | cut -f 1 | xargs -d '\n' cp -t $CLR_STORE_STAGE/anchors
+    fi
 
     if ! (cd $CLR_STORE_STAGE/anchors && c_rehash . >/dev/null 2>&1); then
         1>&2 echo "Error rehashing the anchors."
@@ -284,8 +286,8 @@ EOF
                 continue
             fi
         fi
-        fname=$(basename $f)
-        if [ -f $CLR_LOCAL_TRUST_SRC/trusted/$fname ]; then
+        fname=$(basename "$f")
+        if [ -f "$CLR_LOCAL_TRUST_SRC/trusted/$fname" ]; then
             # FIXME: it's not a duplicate, should really not be picky about file
             # names.
             echo "File $fname already exists."
@@ -492,9 +494,9 @@ $1"
             # if certificate is provided by clear trust store, distrust it,
             # otherwise remove it
             if [ $(dirname $f) = $CLR_CLEAR_TRUST_SRC/trusted ]; then
-                cp $f $CLR_LOCAL_TRUST_SRC/distrusted
+                cp "$f" $CLR_LOCAL_TRUST_SRC/distrusted
             else
-                rm $f
+                rm "$f"
             fi
         done
         cmd_generate
@@ -573,7 +575,7 @@ case $COMMAND in
         exit $?
         ;;
     add)
-        cmd_add $*
+        cmd_add "$@"
         exit $?
         ;;
     list)
@@ -581,7 +583,7 @@ case $COMMAND in
         exit $?
         ;;
     remove)
-        cmd_remove $*
+        cmd_remove "$@"
         exit $?
         ;;
     restore|check)
diff --git a/test/add-remove-with-spaces.bats b/test/add-remove-with-spaces.bats
new file mode 100755
index 0000000..366b29e
--- /dev/null
+++ b/test/add-remove-with-spaces.bats
@@ -0,0 +1,44 @@
+#!/usr/bin/env bats
+# Copyright 2017 Intel Corporation
+
+load test_lib
+
+setup() {
+    find_clrtrust
+    setup_fs
+    cp $CERTS/c1.pem "$CLR_CLEAR_TRUST_SRC/trusted/COMODO RSA Certification Authority.pem"
+}
+
+@test "add, remove files with spaces in names" {
+    $CLRTRUST generate
+    cnt=$(ls $STORE/anchors | wc -l)
+    [ $cnt -eq 2 ] # file and symlink
+    run $CLRTRUST list
+    [ $status -eq 0 ]
+    cnt=$(echo "$output"| grep ^id | wc -l)
+    [ $cnt -eq 1 ]
+    # add file with spaces
+    $CLRTRUST add $CERTS/'Baltimore CyberTrust Root.crt'
+    run $CLRTRUST list
+    cnt=$(echo "$output" | grep ^id | wc -l)
+    [ $cnt -eq 2 ]
+    $CLRTRUST add $CERTS/c2.pem
+    run $CLRTRUST list
+    cnt=$(echo "$output" | grep ^id | wc -l)
+    [ $cnt -eq 3 ]
+    $CLRTRUST remove $CERTS/'Baltimore CyberTrust Root.crt' $CERTS/c2.pem
+    run $CLRTRUST list
+    cnt=$(echo "$output" | grep ^id | wc -l)
+    [ $cnt -eq 1 ]
+    $CLRTRUST remove "$CLR_CLEAR_TRUST_SRC/trusted/COMODO RSA Certification Authority.pem"
+    run $CLRTRUST list
+    cnt=$(echo "$output" | grep ^id | wc -l)
+    [ $cnt -eq 0 ]
+}
+
+teardown() {
+    true
+    #remove_fs
+}
+
+# vim: ft=sh:sw=4:ts=4:et:tw=80:si:noai:nocin
diff --git a/test/certs/Baltimore CyberTrust Root.crt b/test/certs/Baltimore CyberTrust Root.crt
new file mode 100644
index 0000000..519028c
--- /dev/null
+++ b/test/certs/Baltimore CyberTrust Root.crt	
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----