
Cert renewal: Add request struct for v2 #3548

Merged

Conversation

lukedirtwalker
Collaborator

@lukedirtwalker lukedirtwalker commented Dec 20, 2019

Add the structure for the version 2 certificate renewal requests.

Fixes #3478



Contributor

@oncilla oncilla left a comment


Reviewed 11 of 14 files at r1.
Reviewable status: 11 of 14 files reviewed, 3 unresolved discussions (waiting on @lukedirtwalker and @oncilla)


go/cert_srv/internal/reissuance/request.go, line 37 at r2 (raw file):

// BaseRequest is the base information of the reissuance request.
type BaseRequest struct {

In current PKI they call this CertificationRequestInfo https://tools.ietf.org/html/rfc2986
what about calling this field just Info?


go/cert_srv/internal/reissuance/request.go, line 44 at r2 (raw file):

// Request is the reissuance request.
type Request struct {

IMO, this should be structured according to the general serialization syntax https://tools.ietf.org/html/rfc7515#section-7.2.1

I.e.

type Signed struct {
  Request EncodedRequest
  Protected EncodedProtected
  Signature []byte
}

type EncodedRequest string
type EncodedProtected string

type Request struct {
  Encoded EncodedInfo `json:"payload"`
  POPs []POP `json:"signatures"`
}

type Info struct {
  cert.Base
  Issuer addr.IA
  RequestTime util.UnixTime
}


type POP struct {
  Protected EncodedPOP `json:"protected"`
  Signature scrypto.JWSignature // I will add in my PR
}

go/lib/ctrl/cert_mgmt/chain_iss_req.go, line 26 at r1 (raw file):

type ChainIssReq struct {
	RawCert common.RawBytes `capnp:"cert"`

make this a []byte
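To make the proposed layout concrete, here is an added, self-contained example of a renewal request in the JWS general serialization syntax (RFC 7515, section 7.2.1) that the comment above points at: a base64url payload plus a "signatures" array whose entries each carry a protected header and a signature over `BASE64URL(protected) || '.' || BASE64URL(payload)`. This is example code written for this page, not the scionproto code base. The `RequestInfo` fields, the `POP` name, the `kid`/`alg` header fields, the use of Ed25519 and the ISD-AS strings in `main` are all assumptions; the real payload and signature types live in the project's own packages.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// RequestInfo stands in for the renewal payload. Assumption: the real SCION
// payload carries other fields; these three are illustrative only.
type RequestInfo struct {
	Subject     string `json:"subject"`
	Issuer      string `json:"issuer"`
	RequestTime int64  `json:"request_time"`
}

// Protected is the JWS protected header carried with each signature.
type Protected struct {
	Alg string `json:"alg"`
	KID string `json:"kid"`
}

// POP is one entry of the "signatures" array (a proof of possession).
type POP struct {
	Protected string `json:"protected"`
	Signature string `json:"signature"`
}

// SignedRequest follows the JWS general serialization (RFC 7515, 7.2.1):
// one base64url payload and an array of signatures over it.
type SignedRequest struct {
	Payload    string `json:"payload"`
	Signatures []POP  `json:"signatures"`
}

// JWS uses unpadded base64url everywhere.
var b64 = base64.RawURLEncoding

// signingInput is ASCII(BASE64URL(protected) || '.' || BASE64URL(payload)).
func signingInput(protected, payload string) []byte {
	return []byte(protected + "." + payload)
}

// SignRequest encodes info as the payload and attaches one EdDSA signature
// whose protected header names the signing key by kid.
func SignRequest(info RequestInfo, kid string, priv ed25519.PrivateKey) (SignedRequest, error) {
	payloadJSON, err := json.Marshal(info)
	if err != nil {
		return SignedRequest{}, err
	}
	protJSON, err := json.Marshal(Protected{Alg: "EdDSA", KID: kid})
	if err != nil {
		return SignedRequest{}, err
	}
	payload, prot := b64.EncodeToString(payloadJSON), b64.EncodeToString(protJSON)
	sig := ed25519.Sign(priv, signingInput(prot, payload))
	return SignedRequest{
		Payload:    payload,
		Signatures: []POP{{Protected: prot, Signature: b64.EncodeToString(sig)}},
	}, nil
}

// VerifyRequest checks every signature against the key its header names and
// only then decodes the payload. alg is pinned to EdDSA so a peer cannot steer
// the verifier towards a different algorithm via the header.
func VerifyRequest(sr SignedRequest, keys map[string]ed25519.PublicKey) (RequestInfo, error) {
	var info RequestInfo
	if len(sr.Signatures) == 0 {
		return info, errors.New("request carries no signatures")
	}
	for i, pop := range sr.Signatures {
		var p Protected
		protJSON, err := b64.DecodeString(pop.Protected)
		if err == nil {
			err = json.Unmarshal(protJSON, &p)
		}
		if err != nil {
			return info, fmt.Errorf("signature %d: bad protected header: %w", i, err)
		}
		if p.Alg != "EdDSA" {
			return info, fmt.Errorf("signature %d: unsupported alg %q", i, p.Alg)
		}
		pub, ok := keys[p.KID]
		if !ok {
			return info, fmt.Errorf("signature %d: unknown kid %q", i, p.KID)
		}
		sig, err := b64.DecodeString(pop.Signature)
		if err != nil || !ed25519.Verify(pub, signingInput(pop.Protected, sr.Payload), sig) {
			return info, fmt.Errorf("signature %d: verification failed", i)
		}
	}
	payloadJSON, err := b64.DecodeString(sr.Payload)
	if err != nil {
		return info, err
	}
	err = json.Unmarshal(payloadJSON, &info)
	return info, err
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	// Constructed sample: a self-signed request from ISD-AS 1-ff00:0:110.
	info := RequestInfo{Subject: "1-ff00:0:110", Issuer: "1-ff00:0:110", RequestTime: 1577836800}
	sr, err := SignRequest(info, "as-key-1", priv)
	if err != nil {
		panic(err)
	}
	got, err := VerifyRequest(sr, map[string]ed25519.PublicKey{"as-key-1": pub})
	fmt.Println(got, err)
}
```

The verifier rejects an empty signature list, an unknown `kid`, any `alg` other than the one it expects, and any payload or header that was altered after signing; the payload is only decoded once all signatures check out, so no unverified bytes reach the request parser.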

Collaborator Author

@lukedirtwalker lukedirtwalker left a comment


Reviewable status: 7 of 14 files reviewed, 3 unresolved discussions (waiting on @oncilla)


go/cert_srv/internal/reissuance/request.go, line 37 at r2 (raw file):

Previously, Oncilla wrote…

In current PKI they call this CertificationRequestInfo https://tools.ietf.org/html/rfc2986
what about calling this field just Info?

Done. Called it RequestInfo.


go/cert_srv/internal/reissuance/request.go, line 44 at r2 (raw file):

Previously, Oncilla wrote…

IMO, this should be structured according to the general serialization syntax https://tools.ietf.org/html/rfc7515#section-7.2.1

I.e.

type Signed struct {
  Request EncodedRequest
  Protected EncodedProtected
  Signature []byte
}

type EncodedRequest string
type EncodedProtected string

type Request struct {
  Encoded EncodedInfo `json:"payload"`
  POPs []POP `json:"signatures"`
}

type Info struct {
  cert.Base
  Issuer addr.IA
  RequestTime util.UnixTime
}


type POP struct {
  Protected EncodedPOP `json:"protected"`
  Signature scrypto.JWSignature // I will add in my PR
}

Done.


go/lib/ctrl/cert_mgmt/chain_iss_req.go, line 26 at r1 (raw file):

Previously, Oncilla wrote…

make this a []byte

What should the String method do then? Optimally it would parse the new request and print it, but that's not possible because it is in an internal package.

Contributor

@oncilla oncilla left a comment


Reviewed 1 of 14 files at r1, 6 of 6 files at r3.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @lukedirtwalker)


go/lib/ctrl/cert_mgmt/chain_iss_req.go, line 26 at r1 (raw file):

Previously, lukedirtwalker (Lukas Vogel) wrote…

What should the String method do then? Optimally it would parse the new request and print it, but that's not possible because it is in an internal package.

just do fmt.Sprintf("%x", c.RawCert) probably.
Using common.RawBytes just for the string method is not great.

(On that note, RawCert is not a good name anymore, since it is more than that now.)

Contributor

@oncilla oncilla left a comment


Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @lukedirtwalker)


go/lib/ctrl/cert_mgmt/chain_iss_req.go, line 26 at r1 (raw file):

Previously, Oncilla wrote…

just do fmt.Sprintf("%x", c.RawCert) probably.
Using common.RawBytes just for the string method is not great.

(On that note, RawCert is not a good name anymore, since it is more than that now.)

Thinking about it further, I think the RequestInfo should live in the go/lib/scrypto/cert/v2/renewal package.

As we discussed, we might want to build a tool to send requests independent of the CS.

Collaborator Author

@lukedirtwalker lukedirtwalker left a comment


Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @oncilla)


go/lib/ctrl/cert_mgmt/chain_iss_req.go, line 26 at r1 (raw file):

Previously, Oncilla wrote…

Thinking about it further, I think the RequestInfo should live in the go/lib/scrypto/cert/v2/renewal package.

As we discussed, we might want to build a tool to send requests independent of the CS.

Done.

Contributor

@oncilla oncilla left a comment


Reviewed 9 of 9 files at r4.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

Contributor

@oncilla oncilla left a comment


:lgtm:

Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

Contributor

@oncilla oncilla left a comment


Reviewed 1 of 1 files at r5.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@lukedirtwalker lukedirtwalker changed the title from "Cert reissuance: Add request struct for v2" to "Cert renewal: Add request struct for v2" on Jan 6, 2020
@lukedirtwalker lukedirtwalker merged commit 51a6fea into scionproto:master Jan 6, 2020
@lukedirtwalker lukedirtwalker deleted the pubCertRenewalRequest branch January 6, 2020 11:40
Successfully merging this pull request may close these issues.

CertRenewal: Port Trust v1 renewal messages to Trust v2
2 participants