Add base classes for representing certificates, bundles, and fingerprints.
Review Request #13158 — Created July 20, 2023 and submitted
This introduces a new `reviewboard.certs` module, which will be used for
all SSL/TLS certificate management support going forward.

It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
fingerprints.

We utilize `cryptography`'s certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort. These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.

Going forward, the plans are to introduce a `CertificateManager` for
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
in the `data/` directory.

We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.
Unit tests pass.
- Change Summary:
- Added new exceptions for file/storage-related errors.
- Added support for certs/bundles/keys containing junk/metadata around PEM content, and stricter validation of the PEM content.
- Added logged exception handling for all I/O operations on these core classes.
- `CertificateBundle` now enforces bundle names as slugs.
- Added missing docs.
- Added missing unit tests.
- Commits:
Summary ID 11812af0ccfd7f8e1993128ecfde410a24d7f540 a70e95990f5f8cb28b437bd6d5130299c90bca6a - Diff:
Revision 2 (+3540)
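
As an added illustration (not Review Board's code and not part of this review request), the sketch below combines two behaviours the description mentions: lazy parsing, and tolerating junk around PEM content while validating the PEM body strictly. It uses only the Python standard library rather than `cryptography`; the class name, attributes and sample data are hypothetical, and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
from functools import cached_property

# One PEM certificate block; any text outside the markers is ignored.
PEM_CERT_RE = re.compile(
    r'-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n-----END CERTIFICATE-----',
    re.DOTALL)


class LazyPEMCertificate:
    """Hypothetical holder: stores raw text and decodes it only on demand."""

    def __init__(self, text):
        self.text = text
        self.parse_count = 0  # Counts how many times decoding really ran.

    @cached_property
    def der_blocks(self):
        """DER bytes of every PEM block, with strict base64 validation."""
        self.parse_count += 1
        bodies = PEM_CERT_RE.findall(self.text)
        if not bodies:
            raise ValueError('no PEM certificate block found')
        blocks = []
        for body in bodies:
            try:
                # validate=True rejects stray characters instead of
                # silently discarding them.
                blocks.append(
                    base64.b64decode(''.join(body.split()), validate=True))
            except binascii.Error as e:
                raise ValueError('invalid base64 in PEM block') from e
        return blocks

    @cached_property
    def sha256_fingerprints(self):
        """Colon-separated SHA-256 of each block's DER encoding."""
        return [hashlib.sha256(der).digest().hex(':').upper()
                for der in self.der_blocks]


# Constructed sample: placeholder bytes, not a real X.509 certificate.
SAMPLE_DER = b'constructed placeholder, not a real certificate'
SAMPLE_TEXT = (
    'Bag Attributes\n    friendlyName: example\n'
    '-----BEGIN CERTIFICATE-----\n'
    + base64.b64encode(SAMPLE_DER).decode() + '\n'
    '-----END CERTIFICATE-----\ntrailing notes\n')
```

Creating the object costs nothing beyond storing the text; decoding runs once on first access to either property, and a failed decode is not cached, so the error surfaces on every access.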