Add base classes for representing certificates, bundles, and fingerprints.
Review Request #13158 — Created July 20, 2023 and submitted — Latest diff uploaded
This introduces a new
reviewboard.certs
module, which will be used for
all SSL/TLS certificate management support going forward.It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
fingerprints.We utilize
cryptography
's certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort. These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.Going forward, the plans are to introduce a
CertificateManager
for
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
in thedata/
directory.We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.
Unit tests pass.