Addtl certs #30

Merged
merged 2 commits into from
Feb 22, 2021

mikhailswift commented Feb 19, 2021

Addresses #24 by allowing extra intermediates to be passed at verification

Piling on the tech debt -- this code could be improved, and perhaps I'll spend some time over the weekend doing so. But it works in my testing. I signed certs/demo.layout with test/data/alice after replacing the layout's rootcas with a newly generated one from make leaf_certs. I removed the intermediates from the layout, and then ran make test-run.

Afterward I ran ./bin/in-toto verify -i ./certs/example.com.intermediate.cert.pem -k ./test/data/alice.pub -l ./root.layout and it verified successfully. I re-tried with ./bin/in-toto verify -k ./test/data/alice.pub -l ./root.layout, excluding the intermediate, and it failed as expected.

I made some modifications to the cmd to ensure expected flags were required, as well.

This needs tests.
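
The behaviour described above, sketched with Go's standard `crypto/x509`: an intermediate supplied at verification time is only a chain-building hint, and trust must still terminate at the root CA from the signed layout. This is an added example, not code from this pull request or the project; `must`, `issue`, `verifyLeaf` and the in-memory certificates are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // abort on setup errors in this demo
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a minimal constructed certificate; a nil parent yields a self-signed root.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verifyLeaf trusts only root (the layout's root CA); extra certs are untrusted chain-building hints.
func verifyLeaf(leaf, root *x509.Certificate, extra ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range extra {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rootKey := issue("constructed root", true, nil, nil)
	inter, interKey := issue("constructed intermediate", true, root, rootKey)
	leaf, _ := issue("constructed functionary", false, inter, interKey)
	fmt.Println("root only:", verifyLeaf(leaf, root), "| with intermediate:", verifyLeaf(leaf, root, inter))
}
```

An intermediate that chains to a different root is rejected even when it is supplied, because only the root pool is trusted.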

Mikhail Swift added 2 commits February 18, 2021 18:30
We want to support the case where an intermediate was rotated or
newly created but still establishes trust back to the root in the
signed layout.
os.Exit(1)
}
}

This whole bit should probably be in its own function, but I think we need to look at how we're loading keys and certs in the bigger picture.

colek42 commented Feb 22, 2021

Looks great!

colek42 merged commit 22b0938 into master Feb 22, 2021
colek42 deleted the addtl_certs branch February 22, 2021 05:57
mikhailswift added a commit that referenced this pull request Aug 20, 2021
* Mark necessary flags as required for run and verify commands

* Allow intermediates to be supplied at verification time

We want to support the case where an intermediate was rotated or
newly created but still establishes trust back to the root in the
signed layout.