-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CertificateAuthority + Manager support in Python #21981
Merged
mrjerryjohns
merged 3 commits into
project-chip:master
from
mrjerryjohns:python/certificate-authority
Aug 18, 2022
Merged
CertificateAuthority + Manager support in Python #21981
mrjerryjohns
merged 3 commits into
project-chip:master
from
mrjerryjohns:python/certificate-authority
Aug 18, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This shifts the logic in the existing FabricAdmin that manages a given Root CA to its own CertificateAuthority class. This now permits a more spec-aligned structure that has a CertificateAuthorityManager that manages a set of CertificateAuthority instances, each associated with a single Root PK. Each of those manages a list of FabricAdmins adminstering a fabric within that CA, which in turn manage a list of ChipDeviceController instances within that fabric. These now permit passing in separate PersistentStorage instances so that it is more flexible/easier to sand-box each CA's storage constructs, which makes it easier to integrate with chip-tool's INI files. The PersistentStorage construct has been updated to permit both storage to file as well as just a 'soft' cache.
pullapprove
bot
requested review from
andy31415,
anush-apple,
arkq,
Byungjoo-Lee,
bzbarsky-apple,
carol-apple,
chrisdecenzo,
chshu,
chulspro,
Damian-Nordic,
dhrishi,
electrocucaracha,
emargolis,
erjiaqing,
franck-apple,
gjc13,
harsha-rajendran,
hawk248,
isiu-apple,
jelderton,
jepenven-silabs,
jmartinez-silabs,
jtung-apple,
kghost,
kpschoedel,
lazarkov,
LuDuda,
msandstedt and
mspang
August 17, 2022 19:48
pullapprove
bot
requested review from
wbschiller,
woody-apple,
xylophone21,
yufengwangca and
yunhanw-google
August 17, 2022 19:48
tcarmelveilleux
approved these changes
Aug 17, 2022
PR #21981: Size comparison from 866e7ee to 22bd024 Increases (1 build for cc13x2_26x2)
Decreases (5 builds for bl602, cc13x2_26x2, nrfconnect, telink)
Full report (25 builds for bl602, cc13x2_26x2, cyw30739, k32w, linux, mbed, nrfconnect, p6, telink)
|
yunhanw-google
approved these changes
Aug 17, 2022
PR #21981: Size comparison from 866e7ee to 7c4776a Increases (1 build for cc13x2_26x2)
Decreases (4 builds for esp32, nrfconnect, telink)
Full report (43 builds for bl602, cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, p6, telink)
|
erjiaqing
approved these changes
Aug 18, 2022
Marking as fast track python infra change |
tcarmelveilleux
pushed a commit
to tcarmelveilleux/connectedhomeip
that referenced
this pull request
Aug 22, 2022
* CertificateAuthority + Manager support in Python This shifts the logic in the existing FabricAdmin that manages a given Root CA to its own CertificateAuthority class. This now permits a more spec-aligned structure that has a CertificateAuthorityManager that manages a set of CertificateAuthority instances, each associated with a single Root PK. Each of those manages a list of FabricAdmins adminstering a fabric within that CA, which in turn manage a list of ChipDeviceController instances within that fabric. These now permit passing in separate PersistentStorage instances so that it is more flexible/easier to sand-box each CA's storage constructs, which makes it easier to integrate with chip-tool's INI files. The PersistentStorage construct has been updated to permit both storage to file as well as just a 'soft' cache. * Review feedback
isiu-apple
pushed a commit
to isiu-apple/connectedhomeip
that referenced
this pull request
Sep 16, 2022
* CertificateAuthority + Manager support in Python This shifts the logic in the existing FabricAdmin that manages a given Root CA to its own CertificateAuthority class. This now permits a more spec-aligned structure that has a CertificateAuthorityManager that manages a set of CertificateAuthority instances, each associated with a single Root PK. Each of those manages a list of FabricAdmins adminstering a fabric within that CA, which in turn manage a list of ChipDeviceController instances within that fabric. These now permit passing in separate PersistentStorage instances so that it is more flexible/easier to sand-box each CA's storage constructs, which makes it easier to integrate with chip-tool's INI files. The PersistentStorage construct has been updated to permit both storage to file as well as just a 'soft' cache. * Review feedback
agners
added a commit
to agners/connectedhomeip
that referenced
this pull request
Feb 14, 2023
Fix what has been broken by CertificateAuthority + Manager support in Python (project-chip#21981).
woody-apple
pushed a commit
that referenced
this pull request
Feb 14, 2023
Fix what has been broken by CertificateAuthority + Manager support in Python (#21981).
lecndav
pushed a commit
to lecndav/connectedhomeip
that referenced
this pull request
Mar 22, 2023
Fix what has been broken by CertificateAuthority + Manager support in Python (project-chip#21981).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This shifts the logic in the existing
FabricAdmin
that manages a given Root CA to its own CertificateAuthority class. This now permits a more spec-aligned structure that has aCertificateAuthorityManager
that manages a set ofCertificateAuthority
instances, each associated with a single Root PK. Each of those manages a list ofFabricAdmins
adminstering a fabric within that CA, which in turn manage a list ofChipDeviceController
instances within that fabric.So:
CertificateAuthorityManager
== has a list of ==>CertificateAuthority
== has a list of ==>FabricAdmin
== has a list of ==>ChipDeviceController
These now permit passing in separate
PersistentStorage
instances so that it is more flexible/easier to sand-box each CA's storage constructs, which makes it easier to integrate with chip-tool's INI files.The
PersistentStorage
construct has been updated to permit both storage to file as well as just a 'soft' cache.Testing
Updated the existing Python REPL test suite, as well as the cert Matter testing framework as well and both ran successfully.