Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: support certificate pem type #633

Merged
merged 2 commits into from Aug 21, 2022
Merged

Fix: support certificate pem type #633

merged 2 commits into from Aug 21, 2022

Conversation

k4leung4
Copy link
Contributor

Signed-off-by: Kenny Leung kleung@chainguard.dev

Summary

Change is needed to get fulcio test to pass. See https://github.com/sigstore/fulcio/runs/7935433305?check_suite_focus=true

My understanding is that CertificatePEMType is also valid. If not, tests in fulcio will need to be fixed.
https://github.com/sigstore/fulcio/blob/main/pkg/server/grpc_server_test.go#L383

Release Note

Documentation

@k4leung4
support certificate pem type
400d932 
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
@dekkagaijin
Copy link
Member

Would be good to add a test case

@k4leung4
add unit test
acfe8a7 
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
@k4leung4
Copy link
Contributor Author

Would be good to add a test case

added test

@dekkagaijin dekkagaijin merged commit 44be03d into sigstore:main Aug 21, 2022
@k4leung4 k4leung4 deleted the cert-type branch August 21, 2022 04:13
@haydentherapper
Copy link
Contributor

haydentherapper commented Aug 21, 2022
edited

Thanks for making a fix! However, can we revert this? This will cause issues if you try to pass a PEM-encoded certificate, the PKIX parsing will fail. When calling PEMEncode in the test, the PEM block should also start with "PUBLIC KEY", not "CERTIFICATE".

The Fulcio test is what's wrong, it should be creating a PEM-encoded public key with PublicKeyPEMType.

@haydentherapper
Copy link
Contributor

Ah, I see why the Fulcio tests broke. A PR added PEM block type checking to return a better error message. Previously, the PEM block type didn't matter, so even though the Fulcio test was constructing invalid test input, the tests still passed.

So yea, the correct fix is just to fix the Fulcio test, and revert this.

k4leung4 added a commit to k4leung4/sigstore that referenced this pull request Aug 21, 2022
@k4leung4
Revert "Fix: support certificate pem type (sigstore#633)"
693d3d2 
This reverts commit 44be03d.
@k4leung4 k4leung4 mentioned this pull request Aug 21, 2022
Merged
k4leung4 added a commit to k4leung4/sigstore that referenced this pull request Aug 21, 2022
@k4leung4
Revert "Fix: support certificate pem type (sigstore#633)"
fbc111e 
This reverts commit 44be03d.

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
dlorenc pushed a commit that referenced this pull request Aug 21, 2022
@k4leung4
Revert "Fix: support certificate pem type (#633)" (#634)
0e4de92 
This reverts commit 44be03d.

Signed-off-by: Kenny Leung <kleung@chainguard.dev>

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dekkagaijin dekkagaijin dekkagaijin approved these changes

@haydentherapper haydentherapper Awaiting requested review from haydentherapper

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@k4leung4 @dekkagaijin @haydentherapper