Sectigo Staging Service #917

Merged
merged 8 commits into from
Nov 30, 2022
Conversation

@bbengfort bbengfort (Collaborator) commented Nov 29, 2022

Scope of changes

Adds a mock Sectigo service with a self-signed CA that we can use for integration testing to ensure that the GDS interacts with Sectigo appropriately. This will allow us to "issue" certs and download them from GDS without using our Sectigo licenses.

Fixes SC-8965

Type of change

  • bug fix
  • new feature
  • documentation
  • other (staging service)

Acceptance criteria

This is quite a big PR - so a cursory review is fine.

Author checklist

  • I have manually tested the change and/or added automation in the form of unit tests or integration tests
  • I have updated the dependencies list
  • I have recompiled and included new protocol buffers to reflect changes I made
  • I have added new test fixtures as needed to support added tests
  • Check this box if a reviewer can merge this pull request after approval (leave it unchecked if you want to do it yourself)
  • I have moved the associated Shortcut story to "Ready for Review"

Reviewer(s) checklist

  • Any new user-facing content that has been added for this PR has been QA'ed to ensure correct grammar, spelling, and understandability.

c.Next()
}

// Token time constraint constants.
@bbengfort bbengfort (Collaborator, Author) commented Nov 29, 2022

Simple JWT authentication using HS512-signed JWT tokens and a random key that is generated every time the server starts. This mimics the Sectigo API directly.

@@ -0,0 +1,110 @@
package server
@bbengfort bbengfort (Collaborator, Author) commented:

This file contains all the "Sectigo" endpoints.

}

// Generate a new self-signed certificate to issue certs
template := &x509.Certificate{
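Review bot: the comment above the template should say that this CA exists only for the mock/staging service and state the constraints it is built with; the template fields are not visible in this snippet, so confirm that IsCA and BasicConstraintsValid are set and that KeyUsage is limited to certificate signing, otherwise a certificate produced here is indistinguishable in shape from a general-purpose CA if it ever leaks out of the test environment.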
@bbengfort bbengfort (Collaborator, Author) commented:

If a self-signed CA cert isn't specified, one is generated.
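What a mock CA like this has to do end to end, as an added example that is not the PR's code: generate a self-signed CA in memory when none is configured, issue an end-entity certificate from it, and verify the result against that CA only. The names (TestCA, NewTestCA, Issue, Verify), the P-256 key choice, the 24-hour CA lifetime and the constructed host name vasp.example.com are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TestCA is a throwaway CA: a self-signed certificate and its key, generated
// in memory when no CA is configured. Name and layout are this example's own.
type TestCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// randomSerial: 128-bit random serials, never a counter, so serials are unique per CA.
func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
}

// NewTestCA generates a self-signed CA constrained to path length 0 and
// KeyUsageCertSign, so it can sign end-entity certificates and nothing else.
func NewTestCA(name string, now time.Time) (*TestCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	template := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name, Organization: []string{"mock CA, test only"}},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		MaxPathLenZero:        true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key) // self-signed
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &TestCA{Cert: cert, Key: key}, nil
}

// Issue signs an end-entity certificate for dnsName; the requester's public
// key is all the CA needs, its private key never leaves the requester.
func (ca *TestCA) Issue(dnsName string, pub *ecdsa.PublicKey, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	template := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName}, // hostname verification checks the SAN, not the CN
		NotBefore:    now.Add(-time.Minute),
		NotAfter:     now.Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, template, ca.Cert, pub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify checks that cert chains to this CA only, names dnsName, and is
// inside its validity window at time at.
func (ca *TestCA) Verify(cert *x509.Certificate, dnsName string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName, CurrentTime: at})
	return err
}

func main() {
	now := time.Now()
	ca, err := NewTestCA("Mock Sectigo CA", now)
	if err != nil {
		panic(err)
	}
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leaf, err := ca.Issue("vasp.example.com", &leafKey.PublicKey, now, time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("serial:", leaf.SerialNumber, "verify:", ca.Verify(leaf, "vasp.example.com", now))
}
```

The point for integration tests is the negative cases: a certificate issued by a second, independently generated CA, a certificate presented for a different host name, or one checked after its NotAfter must all fail Verify. Asserting those alongside the happy path is what shows the client under test trusts exactly the mock CA and nothing else.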

return nil
}

func (c AuthConfig) ParseSecret() []byte {
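Review bot: ParseSecret returns only []byte, so if it falls back to generating a random secret there is no error path for a failure of the random source; either panic on that failure (acceptable for a test-only server, but say so in a doc comment) or change the signature to ([]byte, error). A generated secret should also be logged as such at startup so a misconfigured deployment that silently loses the configured secret is noticeable.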
@bbengfort bbengfort (Collaborator, Author) commented:

If a secret isn't specified, one is generated.

@bbengfort bbengfort marked this pull request as ready for review November 29, 2022 22:32
@codecov-commenter commented Nov 29, 2022

Codecov Report

Base: 44.38% // Head: 43.87% // Decreases project coverage by -0.50% ⚠️

Coverage data is based on head (30ff7c5) compared to base (6a4efdd).
Patch has no changes to coverable lines.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #917      +/-   ##
==========================================
- Coverage   44.38%   43.87%   -0.51%     
==========================================
  Files         680      687       +7     
  Lines       24509    25449     +940     
  Branches     1548     1548              
==========================================
+ Hits        10878    11167     +289     
- Misses      12241    12847     +606     
- Partials     1390     1435      +45     
Flag Coverage Δ
unittests 43.87% <ø> (-0.51%) ⬇️


Impacted Files Coverage Δ
...ub.com/trisacrypto/directory/pkg/sectigo/config.go 66.66% <0.00%> (-33.34%) ⬇️
...b.com/trisacrypto/directory/pkg/sectigo/sectigo.go 42.74% <0.00%> (-0.42%) ⬇️
...hub.com/trisacrypto/directory/pkg/sectigo/creds.go 43.44% <0.00%> (ø)
...m/trisacrypto/directory/pkg/sectigo/serializers.go 0.00% <0.00%> (ø)
.../trisacrypto/directory/pkg/sectigo/server/store.go 10.16% <0.00%> (ø)
...trisacrypto/directory/pkg/sectigo/server/server.go 78.94% <0.00%> (ø)
...trisacrypto/directory/pkg/sectigo/server/status.go 26.66% <0.00%> (ø)
...com/trisacrypto/directory/pkg/sectigo/server/ca.go 0.00% <0.00%> (ø)
...trisacrypto/directory/pkg/sectigo/server/config.go 25.75% <0.00%> (ø)
.../trisacrypto/directory/pkg/sectigo/server/certs.go 47.36% <0.00%> (ø)
... and 2 more


@pdeziel pdeziel (Collaborator) left a comment

I've completed a quick review, not really in depth but the overall approach seems good and will definitely be useful for integration testing!

pkg/sectigo/sectigo.go (resolved review thread)
}

if _, err = s.tokens.Verify(string(token)); err != nil {
fmt.Println(err)
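Review bot: beyond the stray fmt.Println, a failed token verification should go through the server's logger rather than stdout, and the visible lines do not show this branch returning an error response before the handler continues; confirm that the request is rejected (and that the verification error text is not echoed back to the client) when Verify fails.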
Collaborator (reviewer) commented:

I assume this was left in from debugging?

@bbengfort bbengfort (Collaborator, Author) replied:

good catch; thanks!

const (
accessTokenDuration = 1 * time.Hour
refreshTokenDuration = 2 * time.Hour
accessRefreshOverlap = -1 * time.Hour
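Review bot: accessRefreshOverlap is a negative duration whose name says "overlap", and the block comment "Token time constraint constants." does not explain how it combines with the two durations; a reader has to ask (as happened in this thread). Add a doc comment on the constant stating the sign convention and the formula it feeds, e.g. that the refresh token becomes valid that long before the access token expires, and note that -1 hour makes both tokens valid from issue time for testing.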
Collaborator (reviewer) commented:

If I'm reading this correctly, the accessRefreshOverlap specifies the duration for which the access token and refresh token are both valid?

@bbengfort bbengfort (Collaborator, Author) replied:

That's correct; normally it's -15 minutes but for testing the -1 hour overlaps the access token duration completely.
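Putting the pieces from this thread together (HS512-signed JWTs with a per-start random key from the first review comment, the generated secret in ParseSecret, and the access/refresh/overlap constants discussed just above), here is an added example, not the PR's code, of a token manager with that behaviour. The TokenManager and Claims names, the 64-byte key length, the "kind" claim and the rule refresh nbf = iat + accessTokenDuration + accessRefreshOverlap are this example's assumptions; how the PR itself combines the constants is not visible here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Token time constraints; the combining rule (refresh nbf = iat + accessTokenDuration + accessRefreshOverlap) is assumed here.
const (
	accessTokenDuration  = 1 * time.Hour
	refreshTokenDuration = 2 * time.Hour
	accessRefreshOverlap = -15 * time.Minute
)

// Claims is the JWT payload; Kind is "access" or "refresh".
type Claims struct {
	Subject   string `json:"sub"`
	Kind      string `json:"kind"`
	NotBefore int64  `json:"nbf"`
	ExpiresAt int64  `json:"exp"`
}

type TokenManager struct{ key []byte }

// NewTokenManager uses the configured secret or, when none is given, a fresh 64-byte random key.
func NewTokenManager(secret []byte) (*TokenManager, error) {
	if len(secret) == 0 {
		secret = make([]byte, 64)
		if _, err := rand.Read(secret); err != nil {
			return nil, err
		}
	}
	return &TokenManager{key: secret}, nil
}

var b64 = base64.RawURLEncoding

func (tm *TokenManager) mac(signingInput string) string {
	h := hmac.New(sha512.New, tm.key)
	h.Write([]byte(signingInput))
	return b64.EncodeToString(h.Sum(nil))
}

// Sign serialises claims as header.payload.signature with a fixed HS512 header.
func (tm *TokenManager) Sign(c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"HS512","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return input + "." + tm.mac(input), nil
}

// Issue returns an access/refresh pair; with a negative overlap the refresh token is usable before the access token expires.
func (tm *TokenManager) Issue(subject string, now time.Time) (string, string, error) {
	access, err := tm.Sign(Claims{Subject: subject, Kind: "access", NotBefore: now.Unix(), ExpiresAt: now.Add(accessTokenDuration).Unix()})
	if err != nil {
		return "", "", err
	}
	refreshNotBefore := now.Add(accessTokenDuration + accessRefreshOverlap)
	refresh, err := tm.Sign(Claims{Subject: subject, Kind: "refresh", NotBefore: refreshNotBefore.Unix(), ExpiresAt: now.Add(refreshTokenDuration).Unix()})
	return access, refresh, err
}

// Verify pins alg to HS512 (rejecting alg=none or HS256 downgrades), compares
// the signature in constant time, then enforces the nbf/exp window at time at.
func (tm *TokenManager) Verify(token string, at time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS512" {
		return nil, errors.New("unexpected or missing alg")
	}
	if subtle.ConstantTimeCompare([]byte(tm.mac(parts[0]+"."+parts[1])), []byte(parts[2])) != 1 {
		return nil, errors.New("invalid signature")
	}
	var c Claims
	if payload, err := b64.DecodeString(parts[1]); err != nil {
		return nil, err
	} else if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if t := at.Unix(); t < c.NotBefore || t >= c.ExpiresAt {
		return nil, errors.New("token outside its nbf/exp window")
	}
	return &c, nil
}

func main() {
	tm, _ := NewTokenManager(nil)
	fmt.Println(tm.Issue("demo", time.Now()))
}
```

With the -15 minute overlap the refresh token is rejected at issue time and accepted from minute 45, so both tokens are valid for the last quarter hour of the access token's life; with the -1 hour value mentioned above the refresh nbf equals the issue time and both are usable immediately. Because the key is regenerated on every start, tokens from a previous run (or from any other instance) fail the signature check, which is the behaviour an integration test against this mock should rely on rather than work around. The header check matters even in a mock: a client that is later pointed at the real API should never have been allowed to succeed with alg=none or an HS256 token.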

@bbengfort bbengfort merged commit 937898f into main Nov 30, 2022
@bbengfort bbengfort deleted the staging-sectigo branch November 30, 2022 18:04