Add CA and ADCS Template metadata to Pkcs12 #183
Draft
+371
−23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Draft
8 tasks
| # | ||
| # @return [String] | ||
| def pkcs12 | ||
| parsed_data[:pkcs12] |
There was a problem hiding this comment.
Wouldn't we want something to de-base64 encode and then load the DER data into a certificate object we can use?
If that doesn't fit here because this is for presentation, then maybe at least adding another method to handle that conversion.
There was a problem hiding this comment.
I believe the #openssl_pkcs12 method below does something similar. It returns a OpenSSL::PKCS12 object, from which we can extract the certificate.
So we have #pkcs12 returning the based-64 encoded Pkcs12 and #openssl_pkcs12 returning a OpenSSL::PKCS12 object.
I'm also happy to change this logic if needed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the following metadata to Pkcs12:
The data is now serialized in the Pkcs12's
datafield with the following format:msf_pkcs12:<base64 cert>:<ca>:<ADCS template>.This is a draft until we've wired up the corresponding UI changes in Pro to support consuming this metadata.
Also, this would require additional migration logic to support going from the old format to the new format, otherwise folk that have existing pkcs12 certs in their database might run into problems - but we can cross that bridge once things are wired up into Pro.