TrustStore: Inserter handles chains #3494
Conversation
There was a problem hiding this comment.
Reviewable status: 0 of 6 files reviewed, 1 unresolved discussion (waiting on @lukedirtwalker)
go/lib/infra/modules/trust/v2/main_test.go, line 121 at r2 (raw file):
} func loadChain(t *testing.T, desc ChainDesc) decoded.Chain {
add help message to all require statements
There was a problem hiding this comment.
Reviewed 3 of 6 files at r1, 3 of 3 files at r2.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @oncilla)
go/lib/infra/modules/trust/v2/inserter.go, line 147 at r2 (raw file):
if found, err := ins.db.TRCExists(ctx, decTRC); err != nil || found { return false, err
I think this changes the semantics of shouldInsertTRC.
Previously, we had:
true, nil -> return false, nil
true, error -> return false, error
false, nil -> continue
false, error -> return true, error
Now, we have:
true, nil -> return false, nil
true, error -> return false, error
false, nil -> continue
false, error -> return false (!), error
Is it intentional?
go/lib/infra/modules/trust/v2/inserter.go, line 199 at r2 (raw file):
return false, serrors.WrapStr("error validating the certificate chain", err) } t, err := trcProvider(ctx, chain.Issuer.Subject.I, chain.Issuer.Issuer.TRCVersion)
That Issuer.Issuer does not read nicely. Can one of the fields be renamed to something more appropriate?
This PR adds the capability to handle certificate inserts to the inserter. fixes scionproto#3472
lukedirtwalker
force-pushed
the
pub-trust-inserter
branch
from
201e6ce to
080a882
Compare
There was a problem hiding this comment.
Reviewable status: 1 of 4 files reviewed, 3 unresolved discussions (waiting on @oncilla and @scrye)
go/lib/infra/modules/trust/v2/inserter.go, line 147 at r2 (raw file):
Previously, scrye (Sergiu Costea) wrote…
I think this changes the semantics of
shouldInsertTRC.Previously, we had:
true, nil -> return false, nil true, error -> return false, error false, nil -> continue false, error -> return true, errorNow, we have:
true, nil -> return false, nil true, error -> return false, error false, nil -> continue false, error -> return false (!), errorIs it intentional?
I think it makes sense to always return default values on errors. Therefore I changed it.
go/lib/infra/modules/trust/v2/inserter.go, line 199 at r2 (raw file):
Previously, scrye (Sergiu Costea) wrote…
That
Issuer.Issuerdoes not read nicely. Can one of the fields be renamed to something more appropriate?
hm that is kind of hard wired into design already.
https://github.com/scionproto/scion/blob/master/doc/ControlPlanePKI.md#certificate-section-issuer
I think if we want to change it certainly not in this PR.
go/lib/infra/modules/trust/v2/main_test.go, line 121 at r2 (raw file):
Previously, Oncilla wrote…
add help message to all require statements
Done.
There was a problem hiding this comment.
Reviewed 2 of 3 files at r4.
Reviewable status: 3 of 4 files reviewed, 2 unresolved discussions (waiting on @scrye)
go/lib/infra/modules/trust/v2/inserter.go, line 199 at r2 (raw file):
Previously, lukedirtwalker (Lukas Vogel) wrote…
hm that is kind of hard wired into design already.
https://github.com/scionproto/scion/blob/master/doc/ControlPlanePKI.md#certificate-section-issuer
I think if we want to change it certainly not in this PR.
Agreed, it's not nice to read.
But in the end it is the issuer of an issuer certificate, so 🤷♂️
There was a problem hiding this comment.
Reviewable status: 3 of 4 files reviewed, 2 unresolved discussions (waiting on @scrye)
There was a problem hiding this comment.
Reviewed 1 of 3 files at r4.
Reviewable status:complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Reviewed 2 of 3 files at r4.
Reviewable status:
There was a problem hiding this comment.
Reviewed 1 of 1 files at r5.
Reviewable status:
This PR adds the capability to handle certificate inserts to the inserter.
Fixes #3472
This change is