Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add .NET verion generate-signature command #91

Merged
merged 23 commits into from
Apr 24, 2023
Merged

feat: add .NET verion generate-signature command #91

merged 23 commits into from
Apr 24, 2023

Conversation

JeyJeyGao
Copy link
Collaborator

@JeyJeyGao JeyJeyGao commented Apr 21, 2023
edited
Loading

Features:

  • added generate-signature command
  • support self-signed leaf certificate
  • support ca_certs pluginConfig to build the cert chain from custom certificate bundle

Tested with Notation CLI:

  • AKV self-signed Certs
  • AKV certificate signed by openssl generated CA

Resolve part of #90
Signed-off-by: Junjie Gao [email protected]

JeyJeyGao added 12 commits April 19, 2023 10:34
@JeyJeyGao
feat: implement get-plugin-metadata & describe-key command in dotnet
609d9ad 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
0b94eb0 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
cea3d9a 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
c687536 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
05635f6 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update assembly name
fa23aa8 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
refactor: refactor and add AzureKeyVault class
7fa44a1 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
feat: add generate-signature command
a25972d 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update sign operation
d2f4fc1 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
7691782 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update ca_certs
f97b897 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
Merge remote-tracking branch 'upstream/main' into feat/dotnet_sign
5e2f0d7
@codecov
Copy link

codecov bot commented Apr 21, 2023
edited
Loading

Codecov Report

Merging #91 (66235ff) into main (f0a552f) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main      #91   +/-   ##
=======================================
  Coverage   69.60%   69.60%           
=======================================
  Files           6        6           
  Lines         306      306           
=======================================
  Hits          213      213           
  Misses         87       87           
  Partials        6        6

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@JeyJeyGao
fix: update code
03d1a05 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
f652a3a 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
1b0ab51 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
a661d95 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
87934a9 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
c485e14 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: optimize code
19ad19c 
Signed-off-by: Junjie Gao <[email protected]>
@patrickzheng200
Copy link

patrickzheng200 commented Apr 21, 2023
edited
Loading

I guess my first question would be: has this new feature been tested with our notation CLI and AKV?

@JeyJeyGao
fix: update code
dcadfe9 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
Copy link
Collaborator Author

JeyJeyGao commented Apr 21, 2023
edited
Loading

I guess my first question would be: has this new feature been tested with our notation CLI and AKV?

Yes, it was tested with Notation CLI. Updated the PR description.

@JeyJeyGao
fix: optimize code
3412809 
Signed-off-by: Junjie Gao <[email protected]>
shizhMSFT
shizhMSFT reviewed Apr 21, 2023
View reviewed changes
Notation.Plugin.AzureKeyVault/Protocol/KeySpec.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Protocol/KeySpec.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Protocol/KeySpec.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Protocol/GenerateSignature.cs
@@ -9,22 +9,62 @@ namespace Notation.Plugin.Protocol
public class GenerateSignatureRequest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious if record can be applied or not.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it works, but it may not help a lot because I still need to define the JsonPropertyName and manually do the the parameter validation during initialization.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Shiwei! Updated to use record in KeyVaultClient.

Notation.Plugin.AzureKeyVault/Protocol/KeySpec.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/KeyVault/KeyVaultClient.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/KeyVault/KeyVaultClient.cs Outdated

if (signResult.KeyId != _keyId)
{
throw new PluginException("Invalid keys or certificates identifier.");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not invalid but mismatch? When will this happen? What's the scenario for that? If the exception is thrown, should we also include the key id we want and got?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested invalid key names and versions, and in both cases, SignDataAsync raised exceptions. Although I didn't find a real case that could trigger the exception, it's included to handle server errors that might return unexpected values.

Also updated the exception to include the KeyId.

Notation.Plugin.AzureKeyVault/Certificate/CertificateBundle.cs Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Certificate/CertificateChain.cs Outdated Show resolved Hide resolved
Notation.Plugin.AzureKeyVault/Command/GenerateSignature.cs Outdated Show resolved Hide resolved
@JeyJeyGao
fix: update code
f374a8e 
Signed-off-by: Junjie Gao <[email protected]>
@JeyJeyGao
fix: update code
66235ff 
Signed-off-by: Junjie Gao <[email protected]>
shizhMSFT
shizhMSFT approved these changes Apr 24, 2023
View reviewed changes
Copy link
Member

@shizhMSFT shizhMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@shizhMSFT shizhMSFT merged commit 17fdbcf into Azure:main Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patrickzheng200 patrickzheng200 patrickzheng200 left review comments

@shizhMSFT shizhMSFT shizhMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JeyJeyGao @patrickzheng200 @shizhMSFT