From 84d2c94badb728e82d13f4dbdb5a0c20adee5370 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard <rodolphe@what.tf>
Date: Wed, 24 Apr 2019 19:42:52 +0200
Subject: [PATCH] Use the base64-encoded account name for file names

The account public and private keys are stored in files with names
derives from the account name itself. Because the account name may
contain characters incompatible with a file name, it needs to be
sanitized. Additionally, the account files does not need to be publicly
accessed, therefore their name should only be deterministic. This last
property allows to use a simple solution for sanitation: encode the name
in base64. This way, it is deterministic, unique for each account and
only contains safe characters.
Note the base64 variant used is, as for the ACME protocol, the one with
the URL and filename safe alphabet

https://tools.ietf.org/html/rfc4648#section-5
---
 acmed/src/storage.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/acmed/src/storage.rs b/acmed/src/storage.rs
index 8b2cb59..20fea3f 100644
--- a/acmed/src/storage.rs
+++ b/acmed/src/storage.rs
@@ -1,3 +1,4 @@
+use crate::acme_proto::b64_encode;
 use crate::certificate::Certificate;
 use crate::error::Error;
 use crate::hooks::{self, FileStorageHookData};
@@ -44,7 +45,7 @@ fn get_file_full_path(
     let file_name = match file_type {
         FileType::AccountPrivateKey | FileType::AccountPublicKey => format!(
             "{account}.{file_type}.{ext}",
-            account = cert.account.name,
+            account = b64_encode(&cert.account.name),
             file_type = file_type.to_string(),
             ext = "pem"
         ),