Add non-data-backed Certificates, timezone safety, and wildcard certs.

Review Request #13195 — Created Aug. 8, 2023 and submitted — Latest diff uploaded

Information

Review Board
release-6.x

Reviewers

All publicly-exposed attributes of a Certificate can now be set during
construction, rather than needing to feed in data via a PEM-encoded
certificate data. This will be important for relaying information from
SCMs for error/verification reporting.

These attributes make use of Djblets's new UNSET symbol and
Unsettable[T] type, helping to differentiate between a value not yet
supplied/computed and a None result from not having a source for the
value on access.

All validity timezones are now timezone-aware. We assert this when
provided during construction, and normalize when loading from PEM data.

There's a new function for determining if the Certificate represents
a wildcard cert (checking for a * in the domain). This will be used in
cert storage in an upcoming change.

Unit tests have also been fleshed out, giving us 100% test coverage for
cert.py.

Unit tests pass.

Commits

Files