Skip to content

feat: Certificate status assertion #1236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 48 commits into from
Aug 13, 2025
Merged

feat: Certificate status assertion #1236

merged 48 commits into from
Aug 13, 2025

Conversation

@alextrnnn
Copy link
Contributor

Changes in this pull request

Implements the Certificate Status assertion definition and support for checking for certificate revocation from ocsp values found in Certificate Status assertions.

Checklist

  • This PR represents a single feature, fix, or change.
  • All applicable changes have been documented.
  • Any TO DO items (or similar) have been entered as GitHub issues and the link to that issue has been included in a comment.

alextrnnn added 12 commits July 8, 2025 13:20
@alextrnnn
feat: Add certificate status assertion
992644d
@alextrnnn
feat: Add a way to get OSCP data from asset
04d984f
@alextrnnn
fix: Test verifies round trip, changed visibility of some methods, ad…
e5e222d 
…d picture with two ocsp responses
@alextrnnn
feat: Make progress on trying to map OCSP data to certificate serial …
aacd300 
…number, need to figure out how to incorporate into SVI
@alextrnnn
feat: Able to get correct certificate num to OCSP der
67531dd
@alextrnnn
test: Add test showing that map is filled with ocsp, paired with cert…
e9076e9 
…ificate serial number
@alextrnnn
chore: Remove remnant doc
8ed22c6
@alextrnnn
fix: Modify unit tests to not fetch, certificate statuses can contain…
2c3545a 
… multiple ocsp_ders
@alextrnnn
feat: Looks through store validation info to check for ocsp responses…
1903091 
… stored there
@alextrnnn
fix: Change way to validate ocsp response ders
7f34a53
@alextrnnn
docs: Document assertion struct and some logic
716368a
@alextrnnn
refactor: Change method params
16a30e1
mauricefisher64
mauricefisher64 reviewed Jul 21, 2025
View reviewed changes
mauricefisher64
mauricefisher64 reviewed Jul 21, 2025
View reviewed changes
mauricefisher64
mauricefisher64 reviewed Jul 21, 2025
View reviewed changes
mauricefisher64
mauricefisher64 reviewed Jul 21, 2025
View reviewed changes
mauricefisher64
mauricefisher64 reviewed Jul 21, 2025
View reviewed changes
mauricefisher64
mauricefisher64 approved these changes Jul 28, 2025
View reviewed changes
Copy link
Collaborator

@mauricefisher64 mauricefisher64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

gpeacock
gpeacock requested changes Jul 29, 2025
View reviewed changes
Copy link
Collaborator

@gpeacock gpeacock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One request to keep this private to the crate for now, since I don't know how someone would use this publicly.

@alextrnnn alextrnnn requested a review from gpeacock July 29, 2025 20:22
gpeacock
gpeacock requested changes Aug 12, 2025
View reviewed changes
Copy link
Collaborator

@gpeacock gpeacock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a test that validates that the expected certificate status assertion gets added on signing and that it validates correctly when reading.
Reading validation could be done in a separate PR, but we need to ensure that the assertion is created under the right conditions here.

@alextrnnn alextrnnn merged commit 10f1621 into main Aug 13, 2025
21 checks passed
@alextrnnn alextrnnn deleted the alextrnnn/certificate-status-assertion branch August 13, 2025 20:52
@caiopensrc caiopensrc mentioned this pull request Aug 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gpeacock gpeacock gpeacock approved these changes

@mauricefisher64 mauricefisher64 mauricefisher64 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alextrnnn @gpeacock @mauricefisher64