From 486f8ddb55a7d05a214e444a578714d036199f27 Mon Sep 17 00:00:00 2001
From: Chris Burr <christopher.burr@cern.ch>
Date: Fri, 15 Dec 2023 16:38:05 +0100
Subject: [PATCH] fix: Converting p12 files with filenames containing special
 characters

---
 src/DIRAC/Core/scripts/dirac_cert_convert.py | 24 ++++++++++++--------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/DIRAC/Core/scripts/dirac_cert_convert.py b/src/DIRAC/Core/scripts/dirac_cert_convert.py
index f038f17f638..61314fd751a 100644
--- a/src/DIRAC/Core/scripts/dirac_cert_convert.py
+++ b/src/DIRAC/Core/scripts/dirac_cert_convert.py
@@ -6,10 +6,12 @@
 import os
 import sys
 import shutil
+import subprocess
 from datetime import datetime
+from subprocess import PIPE, run, STDOUT
+from tempfile import TemporaryDirectory
 
 from DIRAC import gLogger
-from DIRAC.Core.Utilities.Subprocess import shellCall
 from DIRAC.Core.Base.Script import Script
 
 
@@ -38,15 +40,19 @@ def main():
             shutil.move(old, old + nowPrefix)
 
     # new OpenSSL version require OPENSSL_CONF to point to some accessible location',
-    gLogger.notice("Converting p12 key to pem format")
-    result = shellCall(900, f"export OPENSSL_CONF=/tmp && openssl pkcs12 -nocerts -in {p12} -out {key}")
-    # The last command was successful
-    if result["OK"] and result["Value"][0] == 0:
-        gLogger.notice("Converting p12 certificate to pem format")
-        result = shellCall(900, f"export OPENSSL_CONF=/tmp && openssl pkcs12 -clcerts -nokeys -in {p12} -out {cert}")
+    with TemporaryDirectory() as tmpdir:
+        env = os.environ | {"OPENSSL_CONF": tmpdir}
+        gLogger.notice("Converting p12 key to pem format")
+        cmd = ["openssl", "pkcs12", "-nocerts", "-in", p12, "-out", key]
+        res = run(cmd, env=env, check=False, timeout=900, text=True, stdout=PIPE, stderr=STDOUT)
+        # The last command was successful
+        if res.returncode == 0:
+            gLogger.notice("Converting p12 certificate to pem format")
+            cmd = ["openssl", "pkcs12", "-clcerts", "-nokeys", "-in", p12, "-out", cert]
+            res = run(cmd, env=env, check=False, timeout=900, text=True, stdout=PIPE, stderr=STDOUT)
     # Something went wrong
-    if not result["OK"] or result["Value"][0] != 0:
-        gLogger.fatal(result.get("Message", result["Value"][2]))
+    if res.returncode != 0:
+        gLogger.fatal(res.stdout)
         for old in [cert, key]:
             if os.path.isfile(old + nowPrefix):
                 gLogger.notice(f"Restore {old} file from the {old + nowPrefix}")