Permanent identifier #54

Merged: 13 commits merged on Aug 11, 2022

@maraino maraino commented Aug 5, 2022

Description

This PR adds support for the Permanent Identifier SAN (#53). With this PR, a Permanent Identifier can be added to the template data using:

data.Set(x509util.SANsKey, []x509util.SubjectAlternativeName{
	{Type: x509util.PermanentIdentifierType, Value: permanentIdentifier},
})

It also cleans up and adds more unit tests for the custom SANs PR (#27), and updates the go.step.sm/crypto CI to use Go 1.18 and Go 1.19.

Note that the assigner part of the Permanent Identifier is currently not supported. Suggestions are welcome. One possible solution would be to convert the SubjectAlternativeName.Value to any and enforce string for most common types and support both string and a JSON for the Permanent Identifier. Other non-supported types like DirectoryNames can benefit from this. But if we want to do this, this will be part of a different PR.

@maraino maraino marked this pull request as ready for review August 10, 2022 01:19
@hslatman (Member) commented:

Your solution using any would result in a type switch to do something type specific when we support it, and do a transformation to a string when we don't know the type (yet)?

maraino and others added 3 commits August 10, 2022 16:07

maraino commented Aug 10, 2022

> Your solution using any would result in a type switch to do something type specific when we support it, and do a transformation to a string when we don't know the type (yet)?

Yes, most of the types would be string, and fail if they are not, but we can add custom types for more complex SANs, although at this moment there's no real need for it, so if we need to, it will go to a different PR.
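
The `any` plus type-switch idea discussed above, sketched as an added example (not code from this PR or from go.step.sm/crypto): a plain string encodes the identifier alone, while a struct also carries the assigner defined in RFC 4043. The names `PermanentID` and `marshalPermanentIdentifier` and the assigner OID 1.2.3.4 are assumptions made for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// id-on-permanentIdentifier (RFC 4043).
var oidPermanentIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 3}
// PermanentID is a hypothetical structured SAN value that carries an assigner.
type PermanentID struct {
	Identifier string
	Assigner   asn1.ObjectIdentifier
}

// permanentIdentifier mirrors the RFC 4043 SEQUENCE; both fields are OPTIONAL.
type permanentIdentifier struct {
	IdentifierValue string                `asn1:"utf8,optional"`
	Assigner        asn1.ObjectIdentifier `asn1:"optional"`
}

// otherName is the GeneralName otherName body: type-id, then [0] EXPLICIT value.
type otherName struct {
	TypeID asn1.ObjectIdentifier
	Value  asn1.RawValue
}

// marshalPermanentIdentifier (hypothetical name) takes a string or a PermanentID.
func marshalPermanentIdentifier(value any) ([]byte, error) {
	var pi permanentIdentifier
	switch v := value.(type) {
	case string:
		pi.IdentifierValue = v
	case PermanentID:
		pi = permanentIdentifier{v.Identifier, v.Assigner}
	default:
		return nil, fmt.Errorf("unsupported permanent identifier value %T", value)
	}
	inner, err := asn1.MarshalWithParams(pi, "explicit,tag:0")
	if err != nil {
		return nil, err
	}
	// "tag:0" retags the SEQUENCE as [0] IMPLICIT, the otherName choice of GeneralName.
	return asn1.MarshalWithParams(otherName{oidPermanentIdentifier, asn1.RawValue{FullBytes: inner}}, "tag:0")
}

func main() {
	der, err := marshalPermanentIdentifier(PermanentID{"123456", asn1.ObjectIdentifier{1, 2, 3, 4}}) // constructed sample
	fmt.Printf("%x %v\n", der, err)
}
```

Any value that is neither a string nor a `PermanentID` is rejected with an error rather than being converted to a string.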

@maraino maraino requested a review from hslatman August 10, 2022 23:49
@maraino maraino merged commit ab04eab into master Aug 11, 2022
@maraino maraino deleted the permanent-identifier branch August 11, 2022 19:36