Add base classes for representing certificates, bundles, and fingerprints.

Review Request #13158 — Created July 20, 2023 and submitted — Latest diff uploaded

Information

Review Board
release-6.x

Reviewers

This introduces a new reviewboard.certs module, which will be used for
all SSL/TLS certificate management support going forward.

It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
fingerprints.

We utilize cryptography's certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort. These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.

Going forward, the plans are to introduce a CertificateManager for
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
in the data/ directory.

We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.

Unit tests pass.

Commits

Files