Add finding certificate chain #83
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for the PR Oleksandr. Currently in review and will get back to you shortly |
al1img
force-pushed
the
find_certificate_chain
branch
6 times, most recently
from
c72fb44
to
41395d0
Compare
Current private certificate functions implement limited functionality to find x509 certificate by id and/or label and/or serial. They can't be reused to implement more generic find certificates API. This commit contains following changes: * implement generic findCertificatesWithAttributes function which allows to find certificates by defined templates. This function returns slice of pkcs11.ObjectHandle. Handles can be used to retrieve any information from pkcs11 object; * reimplement findCertificate function to use generic certificate functions. Signed-off-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Certificate chain is found by following algorithm: * find first certificate either by id or/and label or/and serial (same as existing FindCertificate does); * if issuer is not nil, find next certificate by CKA_SUBJECT (issuer should be equal subject); * if certificate with required subject not found then read all certificates and try to find next certificate by AuthorityKeyId (AuthorityKeyId should be equal to SubjectKeyId); * finding stops if last found certificate is selfsigned (issuer is nil or equals to subject). Signed-off-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
al1img
force-pushed
the
find_certificate_chain
branch
from
41395d0
to
1bd9b57
Compare
|
I've created the issue #91 that describes the problem I would like to solve with this PR. Probably there is a better solution. |
al1img
force-pushed
the
find_certificate_chain
branch
from
5b3b887
to
1bd9b57
Compare
Add methods to find and delete certificates with custom attributes. Signed-off-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds functionality to retrieve the certificate chain with
FindCertificateChainfunction. This function has the same format as the existingFindCertificatefunction. The search of the first certificate is done by id, label, or serial, similar toFindCertificatefunction. The search of the rest certificates is done by issuer - subject path. If the corresponding certificate is not found by the subject, it tries to find it by authority - subject key id path.