Finalize UZI PoC Q4 for YubiSign project #59

basvandriel · 2024-12-18T09:48:28Z

This pull request finalizes the Q4 PoC of the Yubisign application. This includes new features and refactoring. Note: this application is not suitable for any production environment.

This reverts commit cbcec30.

basvandriel · 2024-12-18T10:00:15Z

Before this pull request can be ready for review, these should be merged first:

Key reset on RSA page

Check PKCS library before starting up the application

AUTH_FLOW.md

app/pkcs.py

docs/LOCALSETUP.md

Co-authored-by: Rick Lambrechts <[email protected]>

basvandriel · 2024-12-19T06:34:50Z

Hi @ricklambrechts, find the applied feedback in this PR #60

Apply feedback from Rick

* work * add variable to .env.example * Update docs/local_setup.md Co-authored-by: Rick Lambrechts <[email protected]> --------- Co-authored-by: Rick Lambrechts <[email protected]>

ricklambrechts · 2024-12-29T21:20:28Z

app/pkcs.py

+        san = x509.GeneralNames(
+            [
+                x509.GeneralName("dns_name", "example.com"),
+                x509.GeneralName("dns_name", "www.example.com"),
+            ]
+        )
+        extensions = [
+            csr_module.CRIAttribute(
+                {
+                    "type": "extension_request",
+                    "values": [
+                        x509.Extensions(
+                            [
+                                x509.Extension(
+                                    {
+                                        "extn_id": "subject_alt_name",
+                                        "critical": False,
+                                        "extn_value": san,
+                                    }
+                                )
+                            ]
+                        )
+                    ],
+                }
+            )
+        ]


This should normally not be needed for our CSR, but is needed for the implementation in ACME CA Server.

ricklambrechts · 2024-12-29T21:27:31Z

app/acme.py

-        )
+        headers = {
+            "Content-Type": "application/jose+json",
+            "X-Acme-Jwt": jwt_token,


Normally the JWT is already sent as a challenge and we should not need to update the finalize request.

ricklambrechts · 2024-12-29T21:29:51Z

Need to discuss #59 (comment) and #59 (comment) with @meneerhenk to discuss what we want to do with it. These changes conflict with changing between the ACME CA Server implementation and the Boulder implementation.

basvandriel added 30 commits October 29, 2024 08:47

work on getting started

b02b92d

Work with local tool

5ab7a96

Work on docs

3b923b8

change urls

2d57054

work

d0f6ce2

send jwt

8a1fbd9

work on local setup

2f4c71a

work on local setup

95aa0c7

add images

24edf86

add screenshots

400cd0f

work

42c99c6

move docs

d079f16

rm image

7b34883

add intro text

99e0a4f

Merge branch 'uzipoc_q4_2024' into new-acme-server

b926f34

Remove initial test cert

ec703aa

Cleanup test

6aa00f5

local setup

0f427ff

Remove comment

f1c5242

add comment

6a1a513

Clarify documentation

d9f5e42

work

428ebb1

add test

2695424

add init file

d566329

work

e691ee3

Merge branch 'new-acme-server' into feature/dynamic-libykcs11

556a779

Add finder

6d3cd34

Add license

26228e5

Add sample env file

cbcec30

Revert "Add sample env file"

62ef173

This reverts commit cbcec30.

basvandriel added 5 commits December 18, 2024 13:38

rename

7ce888d

cleanup

20205e3

Merge pull request #54 from minvws/feature/yubi-reset

2e62664

Key reset on RSA page

Merge branch 'uzipoc_q4_2024' into feature/pkcs-check

e15d0e7

Merge pull request #58 from minvws/feature/pkcs-check

309db22

Check PKCS library before starting up the application

basvandriel marked this pull request as ready for review December 18, 2024 13:20

basvandriel requested a review from a team as a code owner December 18, 2024 13:20

basvandriel changed the title ~~Finalize UZI PoC Q4~~ Finalize UZI PoC Q4 for YubiSign project Dec 18, 2024