Add support for encoding/decoding cert payloads #47
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
atc0005
added
documentation
OVERVIEW
Add support for generating a certificate metadata payload in JSON
format from a specified metadata payload format version.
Add support for support for decoding a given (valid) certificate
metadata payload. The format is automatically detected from a list of
valid format versions.
The intent is to support all stable format versions indefinitely.
As of this commit / PR, format 0 is still under active development.
This format version is an "unstable" metadata format and is not
covered by this goal; format version 0 is subject to change often as
development continues. Format version 1 is implemented at this time as
a stub version for testing purposes; once stable the plan is to
promote version 0 content as the initial version 1.
CHANGES
Primary changes:
- add support for generating a JSON payload from a specified metadata
payload format version
- this can be generated by calling the `Encode` function from a
specific format version or by calling the top-level `Encode`
function and specifying a valid format version number (e.g., `0`
or `1`)
- add support for decoding a given (valid) certificate metadata
payload
- the intent is to support decoding any given payload matching the
set of supported format versions (e.g., `0`, `1`)
- the caller provides an instance of a specific format version of
the certificate metadata payload and the `Decode` function for
that format version is used
- once a format version is stable, the intent is to support creating
and decoding it using this library indefinitely
- this should allow the sysadmin using the `check_cert` plugin to
specify what version of the payload format they wish to create
- this should allow the sysadmin using a reporting tool to consume
a certificate metadata payload generated by the `check_cert`
plugin in the same fixed version as the one they asked the
`check_cert` plugin to create
- this process should continue to work as-is until the sysadmin
decides to explicitly change the certificate metadata payload
format version they're working with; updating this dependency
should not break payload generation or consumption
Other changes:
- add identification of misordered certificate chains
- add example "test" to illustrate library usage
- initial example uses format 0; the plan is to update the example
once format 1 is released/stable
- documentation updates
- general refactoring work
REFERENCES
- #19
- #31
- #46
- atc0005/check-cert#1004
atc0005
force-pushed
the
i46-add-support-for-encoding-decoding-cert-payloads
branch
from
df9f195 to
0cb596f
Compare
atc0005
deleted the
i46-add-support-for-encoding-decoding-cert-payloads
branch
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Add support for generating a certificate metadata payload in JSON format from a specified metadata payload format version.
Add support for support for decoding a given (valid) certificate metadata payload. The format is automatically detected from a list of valid format versions.
The intent is to support all stable format versions indefinitely.
As of this commit / PR, format 0 is still under active development. This format version is an "unstable" metadata format and is not covered by this goal; format version 0 is subject to change often as development continues. Format version 1 is implemented at this time as a stub version for testing purposes; once stable the plan is to promote version 0 content as the initial version 1.
Changes
Primary changes:
Encodefunction from a specific format version or by calling the top-levelEncodefunction and specifying a valid format version number (e.g.,0or1)0,1)Decodefunction for that format version is usedcheck_certplugin to specify what version of the payload format they wish to createcheck_certplugin in the same fixed version as the one they asked thecheck_certplugin to createOther changes:
References
CertificateChainIssues.MisorderedCertsfield #19