Add base classes for representing certificates, bundles, and fingerprints.

 






 

 


  Review Request #13158
  —
  Created July 20, 2023 and submitted  — Latest diff uploaded 

 


















 

  

   Information

  





 
 

  chipx86
 









 
 

  Review Board
 









 
 

  release-6.x
 









 
 

  
 









 
 

  
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
This introduces a new reviewboard.certs module, which will be used for

all SSL/TLS certificate management support going forward.


It currently contains representations for SSL/TLS certificates + keys,

CA bundles (containing root certs and intermediary certs), and

fingerprints.


We utilize cryptography's certificate support for parsing out

information from a certificate, such as validity dates and fingerprints,

in order to avoid duplication of effort.  These are lazily-parsed as

needed. The goal is to avoid loading this information when just passing

around basic certificate information.


Going forward, the plans are to introduce a CertificateManager for

fetching/storing/deleting paths/data for certificates, and backends to

actually handle those operations. The default backend will manage this

in the data/ directory.


We'll then begin to build UI around this and tie the manager into auth,

repository, and WebHook operations, allowing people to begin formally

providing self-signed certificates and internal CA-signed certificates

into all Review Board communication.

 








  


 
 

  
Unit tests pass.

 







 









 





  








 




 







   

    
    
Diff Revision 2 (Latest)



    

 

 

 

 
orig
1
2

 



    


    

      
Commits

      

 

 

  
   First
   Last
  
  Summary
  ID
  Author
 



 
  
   
  
  
   
  
 
 
  
   
    

     Add base classes for representing certificates, bundles, and fingerprints.
     
This introduces a new `reviewboard.certs` module, which will be used for
all SSL/TLS certificate management support going forward.

It currently contains representations for SSL/TLS certificates + keys,
CA bundles (containing root certs and intermediary certs), and
fingerprints.

We utilize `cryptography`'s certificate support for parsing out
information from a certificate, such as validity dates and fingerprints,
in order to avoid duplication of effort.  These are lazily-parsed as
needed. The goal is to avoid loading this information when just passing
around basic certificate information.

Going forward, the plans are to introduce a `CertificateManager` for
fetching/storing/deleting paths/data for certificates, and backends to
actually handle those operations. The default backend will manage this
in the `data/` directory.

We'll then begin to build UI around this and tie the manager into auth,
repository, and WebHook operations, allowing people to begin formally
providing self-signed certificates and internal CA-signed certificates
into all Review Board communication.

    

   
  		
  a70e95990f5f8cb28b437bd6d5130299c90bca6a
  Christian Hammond
 




    


    
    

   

  

 









 

  

   
    

     
      
      docs/manual/extending/coderef/index.rst
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/__init__.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/cert.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/errors.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/tests/__init__.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/tests/test_certificate.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/tests/test_certificate_bundle.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/tests/test_certificate_fingerprints.py
     
    

   
  

 



 

  

   
    

     
      
      reviewboard/certs/tests/testcases.py
     
    

   
  

 










     

    

   

  

  

   
   Loading...