feat(fsim-csr): implement the CSR FSIM #562
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add a new 'certificates_enrollment' configuration section under 'service_info'. All the new CSR configuration variables will go under it. The first variable will be 'trusted_cacerts' which must contain the path to a PKCS7 file encoded in PEM or DER format. Signed-off-by: Miguel Martín <mmartinv@redhat.com>
The new FDO service info module will contain all the FDO FSIM implementations being CSR[1] the first one. [1] https://github.com/fido-alliance/fdo-sim/blob/main/fsim-repository/fdo.csr.md Signed-off-by: Miguel Martín <mmartinv@redhat.com>
… side The service info API server finds the active modules sent by the device. If the CSR module is among the active modules, the server will send the 'fdo.csr.cacerts-res' message to the device encoded as described in the specification[1] https://github.com/fido-alliance/fdo-sim/blob/main/fsim-repository/fdo.csr.md Signed-off-by: Miguel Martín <mmartinv@redhat.com>
… side The device sends the active modules to the owner's onboarding server. If the CSR module is among the active modules, the owner's onboarding server will send back the 'fdo.csr.cacerts-res' message to the device encoded as described in the specification[1]. Te device will decode the message, save the file in the system's trusted anchors and update the certificates trusted by the system. [1] https://github.com/fido-alliance/fdo-sim/blob/main/fsim-repository/fdo.csr.md Signed-off-by: Miguel Martín <mmartinv@redhat.com>
mmartinv
force-pushed
the
fdo-fsim-csr-cacerts
branch
from
592864c
to
745f1f3
Compare
mmartinv
changed the title
mmartinv
changed the title
|
This is blocked because the interaction between clients and servers in our implementation is unidirectional. We need a two way communication in order to comply with the protocol. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement the 'CSR' (certificate signing request) FDO serviceinfo module (FSIM) for the purpose of certificate enrollment described by the FIDO alliance at https://github.com/fido-alliance/fdo-sim/blob/main/fsim-repository/fdo.csr.md
This initial PR implements the operations related to the 'Distribution of CA Certificates' only.