Add X.509 certificate parsing #1014
Holds ISO country code.
Seemingly always displayed prefixed with the main test name. Redundancy is unnecessary. Follows examples in the testing package docs.
I'm also not sure if the original value returned from x509.ParseCertificate() shouldn't be saved in a private field somewhere in the Certificate struct, so we don't have to reconstitute it if we ever need to use the actual certificate in some of the other crypto operations mentioned in #900
Looked over the remaining operations. I don't think any of them use the certificate, so I think this is OK for now. Maybe it can be added if it ever becomes necessary.
Yeah, agree, totally fine to leave it as it is if we don't use the certificate in the rest of the new APIs - we can easily add it if it's needed in the future.
Codecov Report
@@ Coverage Diff @@
## master #1014 +/- ##
==========================================
+ Coverage 72.33% 72.51% +0.17%
==========================================
Files 132 133 +1
Lines 9717 9808 +91
==========================================
+ Hits 7029 7112 +83
- Misses 2273 2278 +5
- Partials 415 418 +3
Codecov Report
@@ Coverage Diff @@
## master #1014 +/- ##
==========================================
+ Coverage 72.33% 72.66% +0.33%
==========================================
Files 132 133 +1
Lines 9717 9842 +125
==========================================
+ Hits 7029 7152 +123
- Misses 2273 2274 +1
- Partials 415 416 +1
Pushed these changes. This The |
Here's the complete structure we ended up with. Certificate:
RDN: (= Relative Distinguished Name)
SignatureAlgorithm:
PublicKeyAlgorithm:
Sorry for the late review again 😞 This mostly looks good to me, only the PublicKey details I've noted inline are something that I'm unsure about currently.
Regarding the linting issue, I think you might have an old Go version, 1.11.x probably. Try to update to 1.12 and run gofmt -w -s on the file then. Doing it locally produces the following diff:
diff --git a/js/modules/k6/crypto/x509/x509.go b/js/modules/k6/crypto/x509/x509.go
index 0f89f26d..368b74c5 100644
--- a/js/modules/k6/crypto/x509/x509.go
+++ b/js/modules/k6/crypto/x509/x509.go
@@ -176,7 +176,7 @@ func makeSubject(subject pkix.Name) Subject {
StreetAddress: first(subject.StreetAddress),
OrganizationName: first(subject.Organization),
OrganizationalUnitName: subject.OrganizationalUnit,
- Names: makeRdns(subject.Names),
+ Names: makeRdns(subject.Names),
}
}
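Review bot: on the Names: line in makeSubject the removed and added versions differ only in the spacing after the key, so this is a formatting-only change with no effect on what makeRdns receives. Because the alignment depends on the gofmt release (1.11.x versus 1.12 here), state the Go version the lint check expects in the contributor docs so the same line does not flip back in a later PR.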
Of course, should have thought of it. The latest made the change. |
LGTM
I would prefer if the certificate contents are transferred as []byte from the start. This way in the future if we support non-PEM certificates we won't need to change it.
Also I would really like it if we can get 100% coverage on this. There are a couple of error paths that are not covered.
I was able to hit all but 1 of these. The last one is not easily within reach. It requires a valid certificate that parses correctly yet contains an unsupported key. But we're supporting all available key types. Is it possible that one could be left out? If it's important I can reorganize to make |
No, LGTM, I think the current state is more than fine 😄
LGTM too
Thanks for reviewing guys. Will get signing rebased onto this and submit soon. |
Adds certificate parsing under a new k6/crypto/x509 module. Methods are:
- parse
- getAltNames
- getIssuer
- getSubject

Usage in JavaScript is like this:

Semantics:
- notBefore and notAfter are provided as ISO8601 strings. I think it's the easiest thing to deal with in JavaScript.

A few little changes:
- countryName to country, because it's meant to hold the ISO country code.
- organizationalUnitName can have multiple values, so I've done it as an array of string.
- publicKey.e is provided as a number literal.
- open() interface on binary files. This applies to fingerPrint and publicKey.n.
- fingerPrint is an SHA-1 hash which has a defined byte order.
- publicKey.n is big endian.

Toward #900.
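
The field semantics listed in the description (ISO 8601 dates, SHA-1 fingerprint bytes, e as a number, n as big-endian bytes) and the unsupported-key error path raised in review, as an added Go example that is not the PR's code. Summary, Summarize and SamplePEM are hypothetical names; only RSA keys are handled, and the certificate is constructed at run time.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)
type Summary struct { // hypothetical type (not k6's), semantics as in the description
	NotBefore   string // ISO 8601
	FingerPrint []byte // SHA-1 over the DER encoding
	E           int    // RSA public exponent as a plain number
	N           []byte // RSA modulus, big endian
}

// Summarize parses one PEM certificate; a non-RSA key is reported as unsupported.
func Summarize(pemBytes []byte) (Summary, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return Summary{}, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return Summary{}, err
	}
	key, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return Summary{}, fmt.Errorf("unsupported key type %T", cert.PublicKey)
	}
	fp := sha1.Sum(cert.Raw)
	return Summary{cert.NotBefore.UTC().Format(time.RFC3339), fp[:], key.E, key.N.Bytes()}, nil
}

func SamplePEM() []byte { // constructed, throwaway self-signed certificate
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	nb := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: nb, NotAfter: nb.AddDate(1, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
func main() { fmt.Println(Summarize(SamplePEM())) }
```

Taking the input as []byte, as one reviewer asked, keeps the signature unchanged if DER input is accepted later; only the pem.Decode step would become optional.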