Add base classes for representing certificates, bundles, and fingerprints.
Review Request #13158 — Created July 20, 2023 and submitted
This introduces a new reviewboard.certs module, which will be used for
all SSL/TLS certificate management support going forward.
It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
cryptography's certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort. These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.
Going forward, the plans are to introduce a
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.
Unit tests pass.
- Added new exceptions for file/storage-related errors.
- Added support for certs/bundles/keys containing junk/metadata around PEM content, and stricter validation of the PEM content.
- Added logged exception handling for all I/O operations on these core classes.
- CertificateBundle now enforces bundle names as slugs.
- Added missing docs.
- Added missing unit tests.
Revision 2 (+3540)
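An added example, not Review Board's code: a stdlib-only sketch of the behaviour the description and change list mention (PEM content accepted with surrounding junk/metadata, validated strictly, fingerprint computed lazily on first access). The names `extract_pem_blocks`, `LazyCert`, `PEMError` and the sample data are hypothetical, and `base64`/`hashlib` stand in for the cryptography library the change itself uses.

```python
import base64
import binascii
import hashlib
import re
from functools import cached_property

# One PEM block; anything outside the BEGIN/END markers is ignored.
PEM_RE = re.compile(
    r'-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n'
    r'(?P<body>.*?)\r?\n-----END (?P=label)-----', re.DOTALL)

class PEMError(ValueError):
    """Raised when PEM content is missing or malformed."""

def extract_pem_blocks(text, expected_label='CERTIFICATE'):
    """Return the decoded bytes of each PEM block, skipping outside text."""
    blocks = []
    for m in PEM_RE.finditer(text):
        if m.group('label') != expected_label:
            raise PEMError('unexpected PEM label: %s' % m.group('label'))
        body = ''.join(m.group('body').split())  # drop line wrapping
        try:
            # validate=True rejects characters outside the base64 alphabet.
            blocks.append(base64.b64decode(body, validate=True))
        except binascii.Error as e:
            raise PEMError('invalid base64 in PEM body: %s' % e)
    if not blocks:
        raise PEMError('no PEM blocks found')
    return blocks

class LazyCert:
    """Hypothetical holder: keeps raw text, parses only on first access."""
    def __init__(self, pem_text):
        self.pem_text = pem_text  # nothing is decoded or hashed here

    @cached_property
    def der(self):
        return extract_pem_blocks(self.pem_text)[0]

    @cached_property
    def sha256_fingerprint(self):
        digest = hashlib.sha256(self.der).hexdigest().upper()
        return ':'.join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample: placeholder DER bytes (not a real certificate)
# wrapped in the kind of metadata that tools print around PEM output.
SAMPLE_DER = b'\x30\x03\x02\x01\x01'
SAMPLE_PEM = ('subject=CN=example.test\n-----BEGIN CERTIFICATE-----\n'
              + base64.b64encode(SAMPLE_DER).decode('ascii')
              + '\n-----END CERTIFICATE-----\ntrailing notes\n')
```
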