Add wildcard certificate storage to the file backend.
Review Request #13266 — Created Sept. 7, 2023 and submitted — Latest diff uploaded
This updates the file backend to allow wildcard certificates to be
stored and fetched, and to use them as a fallback if a specific
certificate cannot be found.Normal certs are now stored in the form of
{hostname}__{port}.{ext},
and wildcard certs are stored as__.{hostname}__{port}.{ext}. This
avoids issues with naming a file with a wildcard, and_is not a valid
character in domains so it's safe to use.Wildcards are only permitted as the first character in the name.
When fetching a certificate, the backend checks first for an an exact
hostname match. If not found, it checks for a wildcard certificate. The
resultingCertificateobject will use the specific hostname, but will
refer to the wildcard storage ID.Wildcards are not supported nor needed for CA bundles and fingerprints.
There's also no special handling of certificates that list multiple
domains without using wildcards. In this case, administrators should
upload the cert for each hostname they need individually. We don't
expect this will come up much in real usage.
All unit tests pass.
Diff Revision 2 (Latest)
Commits
Files
| reviewboard/certs/storage/file_storage.py |
|---|
| reviewboard/certs/tests/test_file_storage_backend.py |
|---|
| reviewboard/certs/tests/testdata/file_storage/make-cert.sh |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/__.eng.example.com__443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/__.eng.example.com__443.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/ldap.example.com_636.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/ldap.example.com_636.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/reviewboard.eng.example.com__443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/reviewboard.eng.example.com__443.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/certs/www.example.com_443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/fingerprints/ldap.example.com_636.json |
|---|
| reviewboard/certs/tests/testdata/file_storage/fingerprints/www.example.com_443.json |
|---|
| reviewboard/certs/tests/testdata/file_storage/fingerprints/www2.example.com_443.json |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-1/certs/p4.example.com_1667.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-1/fingerprints/p4.example.com_1667.json |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/__.eng.example.com__443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/__.eng.example.com__443.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/svn.example.com_8443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/svn.example.com_8443.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/tools.corp.example.com_443.crt |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/certs/tools.corp.example.com_443.key |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/fingerprints/svn.example.com_8443.json |
|---|
| reviewboard/certs/tests/testdata/file_storage/sites/test-site-2/fingerprints/tools.corp.example.com_443.json |
|---|