Skip to content
This repository was archived by the owner on Apr 6, 2026. It is now read-only.

NO-ISSUE - Add CA retrieve option#24

Merged
dborovcanin merged 4 commits into
absmach:mainfrom
nyagamunene:fetch_intermediate_cert_and_key
Oct 9, 2024
Merged

NO-ISSUE - Add CA retrieve option#24
dborovcanin merged 4 commits into
absmach:mainfrom
nyagamunene:fetch_intermediate_cert_and_key

Conversation

@nyagamunene

Copy link
Copy Markdown
Contributor

What type of PR is this?

This is a feature because it adds the following functionality: To retrieve the CA.

What does this do?

It adds an option to retrieve the signing CA i.e. intermediate CA. This is currently needed for mutual TLS.

Which issue(s) does this PR fix/relate to?

N/A

Have you included tests for your changes?

Yes.

Did you document any new/modified features?

No.

Notes

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@nyagamunene nyagamunene self-assigned this Oct 3, 2024
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@nyagamunene nyagamunene marked this pull request as ready for review October 3, 2024 17:28

@dborovcanin dborovcanin left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How is viewing CA different from any other certificate?

Comment thread service.go Outdated
var err error
switch len(serialNumber) {
case 0:
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{ExpiresAt: time.Now().Add(time.Minute * 5).Unix(), Issuer: Organization, Subject: "certs"})

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extract 5 minutes to a constant.

Comment thread service.go Outdated
token, err := jwtToken.SignedString([]byte(serialNumber))
if err != nil {
return "", errors.Wrap(ErrGetToken, err)
func (s *service) RetrieveCertDownloadToken(ctx context.Context, serialNumber ...string) (string, error) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This method signature is cryptic. First, serialNumber should be plural. Second, what does it mean to have multiple serial numbers?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am trying to reusing the same this function to get both a client and a CA. I cater for only 2 case if there is one serial number and none. You can pass more that one since it will default to an illegal length of serial numbers.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can create a separate method for handling CAs

@dborovcanin dborovcanin Oct 9, 2024

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can have only one serial number. If it's empty - fetch CA. You can map it to two endpoint methods to separate cases where an empty serial number is a mistake and when it's not.

Comment thread certs.go Outdated

// RetrieveCertDownloadToken retrieves a certificate download token.
RetrieveCertDownloadToken(ctx context.Context, serialNumber string) (string, error)
RetrieveCertDownloadToken(ctx context.Context, serialNumber ...string) (string, error)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Explain - what's this method even used for?

Comment thread service.go Outdated
if err != nil {
return Certificate{}, errors.Wrap(ErrViewEntity, err)
func (s *service) ViewCert(ctx context.Context, serialNumber ...string) (Certificate, error) {
var cert Certificate

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same, this becomes cryptic if we have multiple serial numbers. Especially given we use slice exclusively, i.e. we either use intermediate CA, or, for whatever reason, only the first element of the slice.

@nyagamunene

Copy link
Copy Markdown
Contributor Author

How is viewing CA different from any other certificate?

Normally they are generated during initialization and there is no implemented method to retrieve or view them.

@dborovcanin dborovcanin left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nyagamunene Please fix the previous remarks related to the serial number slice parameter.

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
@dborovcanin dborovcanin merged commit 6509013 into absmach:main Oct 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

Status: ✅ Done

Development

Successfully merging this pull request may close these issues.

3 participants