Add base classes for representing certificates, bundles, and fingerprints.

Review Request #13158 — Created July 20, 2023 and submitted

Information

Review Board
release-6.x

Reviewers

This introduces a new reviewboard.certs module, which will be used for
all SSL/TLS certificate management support going forward.

It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
fingerprints.

We utilize cryptography's certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort. These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.

Going forward, the plans are to introduce a CertificateManager for
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
in the data/ directory.

We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.

Unit tests pass.

Summary ID
Add base classes for representing certificates, bundles, and fingerprints.
This introduces a new `reviewboard.certs` module, which will be used for all SSL/TLS certificate management support going forward. It currently contains representations for SSL/TLS certificates + keys, CA bundles (containing root certs and intermediary certs), and fingerprints. We utilize `cryptography`'s certificate support for parsing out information from a certificate, such as validity dates and fingerprints, in order to avoid duplication of effort. These are lazily-parsed as needed. The goal is to avoid loading this information when just passing around basic certificate information. Going forward, the plans are to introduce a `CertificateManager` for fetching/storing/deleting paths/data for certificates, and backends to actually handle those operations. The default backend will manage this in the `data/` directory. We'll then begin to build UI around this and tie the manager into auth, repository, and WebHook operations, allowing people to begin formally providing self-signed certificates and internal CA-signed certificates into all Review Board communication.
a70e95990f5f8cb28b437bd6d5130299c90bca6a
Description From Last Updated

Missing documentation.

maubinmaubin

Do we want to say "optional" in the types here?

daviddavid
maubin
  1. 
      
  2. reviewboard/certs/cert.py (Diff revision 1)
     
     
     
     
     
     
     
     
     
     
     
    Show all issues

    Missing documentation.

  3. 
      
chipx86
david
  1. 
      
  2. reviewboard/certs/cert.py (Diff revision 2)
     
     
     
     
     
     
    Show all issues

    Do we want to say "optional" in the types here?

  3. 
      
chipx86
Review request changed
Status:
Completed
Change Summary:
Pushed to release-6.x (6403e68)