-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify balrog implementation #993
Conversation
- remove data parsing and client side validation - clean-up function signatures - define new verification method signature
@g-k would appreciate a quick review of our balrog/* files to make sure I've used your new module correctly. |
return false | ||
} | ||
// Verify method does not verify the leaf cert subject, so we do it here. | ||
certs, _ := contentsignature.ParseChain([]byte(x5u)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ignoring the error because contentsignature.Verify
already calls ParseChain.
@@ -174,111 +171,42 @@ bool Balrog::fetchSignature(NetworkRequest* initialRequest, | |||
}); | |||
|
|||
connect(x5uRequest, &NetworkRequest::requestCompleted, | |||
[this, signatureBlob, algorithm, dataUpdate](const QByteArray& data) { | |||
[this, signatureBlob, updateData](const QByteArray& x5uData) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bakulf as we discussed we leave the network request handling on cpp side.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Fixes #797, #798
Instead of rolling our own, we use the new verify module of the mozilla go package autograph (https://github.com/mozilla-services/autograph/).
This allows for simplification of both the api.go code and the update/balrog.cpp.
In addition, we also resolve the FVP-02-002 and FVP-02-003.
Note, we have verified that balrog algorithm is p384ecdsa which is supported by autograph module.
Thanks to @g-k for splitting out the verify module.