ui: add params to pki parser #18760
ui: add params to pki parser #18760
Conversation
| @@ -20,7 +20,6 @@ import { next } from '@ember/runloop'; | |||
| * @param {string} type=array - Optional type for inputValue. | |||
| * @param {string} attrName - We use this to check the type so we can modify the tooltip content. | |||
| * @param {string} subText - Text below the label. | |||
| * @param {boolean} hideFormSection - If true do not add form-section class on surrounding div. | |||
There was a problem hiding this comment.
Rather than using the hideFormSection arg is the intention to now apply the is-box-shadowless class directly to the component? I'm wondering if that will be unclear for anyone who hasn't worked with this component before.
There was a problem hiding this comment.
hideFormSection was added to remove the bottom shadow from string-list components within toggles
before - screenshot of before:
I guess it depends how we want to approach component styling. It didn't seem necessary to add a whole new argument, that was passed via attr.options since instead we could add relevant css styling directly to the component using splattributes. But if the preference is to use a component arg instead, I can revert!
There was a problem hiding this comment.
I prefer the class approach but was just looking for more context. The components that are used within FormField seem sensitive to change since they are so tightly coupled to the attr options but if we always want that shadow hidden within a form than this is a better approach.
There was a problem hiding this comment.
I agree they're fragile! I appreciate the extra consideration - I've definitely made css changes before that were not great elsewhere
| @attr('number', { formatDate: true }) notValidAfter; | ||
| @attr('number', { formatDate: true }) notValidBefore; | ||
| @attr('number', { formatDate: true, label: 'Issue date' }) notValidBefore; |
There was a problem hiding this comment.
I think we want this to still be labelled as Not Valid Before?
There was a problem hiding this comment.
I pulled this from the issuer view - but I agree. And it will hopefully help mitigate any future confusion!
ui/app/helpers/parse-pki-cert.js
Outdated
| // TODO wrap to catch errors, only parse if cross-signing? | ||
| // for cross-signing | ||
| const { alt_names, uri_sans } = parseExtensions(cert?.extensions); | ||
| const [signature_bits, use_pss] = mapSignatureBits(cert?.signatureAlgorithm); |
There was a problem hiding this comment.
@cipherboy can we use signature_bits to get the key_bits and key_type info?
There was a problem hiding this comment.
I have good news, and bad news. :-)
The bad news is, sorry that won't work. The signature's key type (RSA/...) is based on the parent issuer's CA type, which we're changing here (from an old parent issuer to a new one to form the cross-signed chain). The key_bits and key_type talk about the subject's properties (i.e., the Subject Public Key Info field), and so would be inputs for generation of the new CSR (prior to passing it to the new parent CA).
The good news is, since we're using an existing key (intermediate/generate/existing), you don't actually need to pass key_type and key_bits like @kitography does (it already exists in Vault). Kit's work is also implementing reissuance and not just cross-signing (the former can rotate key material, the latter leaves it alone).
The use_pss and signature_bits are still necessary though to tell the new parent CA what to do. :-)
There was a problem hiding this comment.
Ah that makes sense! I totally should have realized that when I was playing around with key_type and key_bit I had to use a different endpoint, which is not what we use for cross-signing - thank you for the reminder!! (I should really not work after 8:30pm 🥲 )
YAY, I love the sound of not having to pass them 🎉 😄
* refactor parser to pull serial number from subject * refactor pki parser * uninstall pvtutils * remove hideFormSection as attr * remove hideFormSection as attr * add string-list * test removing issueDate * update tests * final answer - make number types * change to unix time - since valueOf() is typically used internally * add algo mapping * add comment to complete in followon * add attrs to pki parser * add conditional operands so parser continues when values dont exist * add error handling WIP * finish tests, add error handling * revert to helper * move helper to util * add parseSubject test * finish tests * move certs to pki helper file * wrap parsing functions in try...catch
pki/certificate.jsin favor ofpki/base/certificate.jsissueDateas an attr to consistently usenotValidBeforeTo Do:
key_usage,ip_sans,key_bitsandkey_id