-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add support for signature & tbs_certificate to Certificate #2387
Conversation
Current coverage is
|
We already have a |
|
||
:type: bytes | ||
|
||
The bytes of the certificate's signature. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need some words to express that you probably don't want to use this?
I'm happy you are planning to provide an interface to do the basic public_key verification but why does this have to be that complicated while having an interface to OpenSSL's X509_verify() does essentially the same thing in one call. In general I could see the need to have several parameters you can pass to signer_public_key.verifier() but I fail to see when you would ever want to verify against a non-matching signature algorithm or padding scheme. Or is there some restriction in X509_verify() I'm missing here? If I understand this correctly, the proposed solution has the same limitations X509_verify() has but is at least ten times harder to use (I think I would always have to copy&paste an example of this to get it right). |
@alex and others have expressed a preference for Certificate to remain a "data only" object in the recent past. The intent of exposing I am sympathetic to the argument that |
If you want to keep the certificate data-only, you could still add some sort of utility function in the backend which takes a cert object and a public key and returns a verification result. This works as long as this function can get access to the underlying x509 object (which is the case with the current design). However, it would be pretty hard to find for users since I think that functions in the backend are not supposed to be consumed by a random user. This could also be a good thing though because it prevents people from shooting themselves in the foot accidentally, believing that this is an universally, all-encompassing verification of a given certificate. |
a) Merge conflict :-( |
Yeah documenting these in my head |
Having thought about that a bit I'm actually more okay with exposing it with text similar to that. We can update it with the "Users are encouraged to use validation class" once we build the actual class. |
48b2836
to
d91e7c1
Compare
|
||
The bytes of the certificate's signature. | ||
|
||
.. attribute:: tbs_certificate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this the right way to expose this data? It feels a bit ad-hoc compared to public_bytes
or something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure what the best approach is here. tbsCertificate is a subset of the ASN1 that makes up the complete certificate object. I don't think I'd like it in public_bytes
because it would be beyond confusing to require users to pass the serialization type (when 99.99% of the time you just want the whole thing) in addition to encoding.
add support for signature & tbs_certificate to Certificate
Blessed are the code-mergers... Sent from my iPhone
|
To actually verify that these signatures are correct we also need access to the
tbsCertificate
bytes. Then verification looks like:Without tbs you can't actually verify. If we're going down this path then we need to expose tbsCertificate as well (name suggestions?).