
This change adds support for certificate validation, including certificate inspection utilities. Validating a certificate requires the certificate UUID of the certificate to validate, a set of UUIDs corresponding to the set of trusted certificates needed to validate the certificate, and a user context for authentication to the key manager. A new certificate verification context is included that is used to store the set of trusted certificates once they are loaded from the key manager. This context is used to validate the signing certificate, verifying that the certificate belongs to a valid certificate chain rooted in the set of trusted certificates. All new certificate utility code is added in a new module named certificate_utils.

For more information on this work, see the spec: https://review.openstack.org/#/c/488541/

SecurityImpact
DocImpact
Change-Id: I8d7f43fb4c0573ac3681147eac213b369bbbcb3b
Implements: blueprint nova-validate-certificates
38 lines
2.1 KiB
YAML
---
prelude: >
  The cursive library supports the verification of digital signatures.
  However, there is currently no way to validate the certificate used to
  generate a given signature. Adding certificate validation improves the
  security of signature verification when the two are used together.
features:
  - Adds a variety of certificate utility functions that inspect certificate
    attributes and extensions for different settings.
  - Adds the CertificateVerificationContext class, which uses a set of
    trusted certificates to conduct certificate validation, verifying that a
    given certificate is part of a certificate chain rooted with a trusted
    certificate.
  - Adds a verify_certificate method that loads all certificates needed for
    certificate validation from the key manager and uses them to create a
    CertificateVerificationContext object. The context is then used to
    determine whether a certificate is valid.
upgrade:
  - The addition of certificate validation as a separate operation from the
    signature verification process preserves backwards compatibility.
    Signatures previously verifiable with cursive will still be verifiable.
    However, their signing certificates may not be valid. Each signing
    certificate should be checked for validity before it is used to conduct
    signature verification.
security:
  - Using certificate validation together with the signature verification
    process improves the security of signature verification. A signature
    should not be considered valid unless its corresponding certificate is
    also valid.
other:
  - The CertificateVerificationContext is built using a set of trusted
    certificates. However, to conduct certificate verification the context
    builds the full certificate chain, starting with the certificate to
    validate and ending with the self-signed root certificate. If this
    self-signed root certificate is not present in the context, or if one
    of the intermediate certificates is not present in the context, the
    certificate chain cannot be built and certificate validation will fail.
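As an added illustration (not cursive's own code), the following Python model shows the chain-building rule described in the commit message and the note above: walk issuer links from the certificate to validate until a self-signed root in the trusted set is reached, and fail when an intermediate or the root is missing from the set. Cert, VerificationContext, ChainError and the key-manager dict are constructed stand-ins; real validation also checks signatures, validity periods and extensions, which this model omits.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

class ChainError(Exception):
    """No path from the certificate to a trusted self-signed root."""

class VerificationContext:
    """Holds the trusted set; plays the role of CertificateVerificationContext."""

    def __init__(self, trusted: List[Cert]) -> None:
        # Index by subject so a certificate's issuer can be found by name.
        self._by_subject = {c.subject: c for c in trusted}

    def build_chain(self, cert: Cert) -> List[Cert]:
        """Follow issuer links from cert until a trusted self-signed root is reached."""
        chain, current = [cert], cert
        for _ in range(len(self._by_subject) + 1):  # bounded walk: rejects cycles
            if current.subject == current.issuer:  # self-signed root
                if self._by_subject.get(current.subject) != current:
                    raise ChainError("root %r is not trusted" % current.subject)
                return chain
            issuer = self._by_subject.get(current.issuer)
            if issuer is None:  # missing intermediate or root: chain cannot be built
                raise ChainError("no certificate for issuer %r" % current.issuer)
            chain.append(issuer)
            current = issuer
        raise ChainError("issuer links never reach a self-signed root")

def verify_certificate(key_manager: Dict[str, Cert], cert_id: str, trusted_ids: List[str]) -> bool:
    # Load the certificate and the trusted set by id, then validate the chain.
    context = VerificationContext([key_manager[i] for i in trusted_ids])
    try:
        context.build_chain(key_manager[cert_id])
        return True
    except ChainError:
        return False

# Constructed sample hierarchy (leaf <- intermediate <- self-signed root) and a
# key-manager stand-in whose keys are placeholder ids, not real UUIDs.
ROOT = Cert(subject="Example Root CA", issuer="Example Root CA")
INTER = Cert(subject="Example Intermediate CA", issuer="Example Root CA")
LEAF = Cert(subject="image-signer", issuer="Example Intermediate CA")
KEY_MANAGER = {"root": ROOT, "inter": INTER, "leaf": LEAF}
```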