    Add CertificateManager, the main interface for SSL certificates.

    Review Request #13270 — Created Sept. 11, 2023 and submitted

    Information

    Review Board
    release-6.x

    Reviewers

    CertificateManager is a high-level interface for the SSL certificate
    storage backends and verification, providing convenient functions for
    adding, deleting, and fetching CA bundles, certificates, and verified
    fingerprints.

    These interface with the storage backend, switching backends if settings
    are updated, to manage the storage of the data.

    When adding certificates, their fingerprints are recorded in the
    verified fingerprints store and cached for faster lookup. When deleting,
    these are removed. This ensures that an uploaded certificate can be
    checked either by fingerprints or by stored certificate, depending on
    the needs of the consumer.

    A utility function is available for creating an SSLContext
    pre-populated with any relevant CA bundles, certificates, and private
    keys. Another piggy-backs on that to provide urlopen() keyword
    arguments relevant to the URL, making it easy to tie all requests in to
    certificate storage.

    There's room for further improvement, including enhanced caching. A TODO
    has been left in intentionally to make note of this, and the
    functionality will be introduced down the road.

    Unit tests pass.

    Tested some of this with in-progress code for hooking up SCMs.

    Summary ID
    Add CertificateManager, the main interface for SSL certificates.
    886bec220d909069eaa84334c102f38cf429998d
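
The add/delete fingerprint bookkeeping and the urlopen() helper described above, as an added sketch; this is not Review Board's CertificateManager code. ToyCertStore, its method names and the sample host are hypothetical, and the context here loads CA bundles only.

```python
import hashlib
import ssl
from urllib.parse import urlsplit


def fingerprint_sha256(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of DER-encoded certificate bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class ToyCertStore:
    """Hypothetical in-memory store keyed by (hostname, port)."""

    def __init__(self):
        self.certs = {}         # (host, port) -> DER bytes
        self.fingerprints = {}  # (host, port) -> verified fingerprint
        self.ca_bundles = []    # PEM strings

    def add_certificate(self, host, port, der):
        # Store the certificate and its fingerprint together so a consumer
        # can check by either one.
        self.certs[(host, port)] = der
        self.fingerprints[(host, port)] = fingerprint_sha256(der)

    def delete_certificate(self, host, port):
        # Remove both; a leftover fingerprint would keep a deleted
        # certificate trusted.
        self.certs.pop((host, port), None)
        self.fingerprints.pop((host, port), None)

    def is_verified(self, host, port, presented_der):
        expected = self.fingerprints.get((host, port))
        return expected is not None and expected == fingerprint_sha256(presented_der)

    def build_ssl_context(self):
        # Default context keeps hostname checking and CERT_REQUIRED enabled.
        ctx = ssl.create_default_context()
        for pem in self.ca_bundles:
            ctx.load_verify_locations(cadata=pem)
        return ctx

    def build_urlopen_kwargs(self, url):
        # Only HTTPS URLs get a context; anything else needs no TLS settings.
        if urlsplit(url).scheme != "https":
            return {}
        return {"context": self.build_ssl_context()}
```
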
    Description From Last Updated

    'ssl.SSLContext' imported but unused Column: 1 Error code: F401

    reviewbot

    'reviewboard.certs.cert.Certificate' imported but unused Column: 1 Error code: F401

    reviewbot

    'reviewboard.certs.storage.base.BaseCertificateStorageBackend' imported but unused Column: 1 Error code: F401

    reviewbot
    Checks run (1 failed, 1 succeeded)
    flake8 failed.
    JSHint passed.

    flake8

    chipx86
    david
    1. Ship It!
    chipx86
    Review request changed
    Status:
    Completed
    Change Summary:
    Pushed to release-6.x (61a4fdc)