Cargo Delivery Authorisation issuer isn't rotated #571

Closed
gnarea opened this issue Feb 25, 2022 · 2 comments · Fixed by #593

gnarea commented Feb 25, 2022

I forgot to call this out explicitly in the issues: We should rotate the self-issued certificate used in Cargo Delivery Authorisations.

Right now, we can only have exactly one as it's stored in a file that's generated the first time the app starts (and there's no rotation):

internal const val CDA_CERTIFICATE_FILE_NAME = "cda_local_gateway.certificate"

Instead, we should do what we've been doing with the other certificates:

We probably want to reuse our FileCertificateStore and introduce a second instance to manage CDA issuers only. I think that'd require changing the FileCertificateStore class to take a path prefix (under the existing root), so that we avoid overriding files.

gnarea added the bug label Feb 25, 2022
gnarea changed the title from "Cargo Delivery Authorisation certificate isn't rotated" to "Cargo Delivery Authorisation issuer isn't rotated" Feb 25, 2022
gnarea added a commit to relaycorp/relaynet-core-js that referenced this issue Feb 26, 2022
To avoid making this mistake in the JS implementation: relaycorp/relaynet-gateway-android#571
kodiakhq bot pushed a commit to relaycorp/relaynet-core-js that referenced this issue Feb 26, 2022

sdsantos commented Mar 1, 2022

Tasks:

  • Start using new version of FileCertificateStore
  • Switch from regular FileStore to FileCertificateStore for storing CDAs
  • Generate new CDA when we don't have any, or the one we have stored is about to expire
  • Method to return the latest valid CDA and use it in all signature-producing operations
  • Method to return all valid CDAs and use it in all signature-verification operations
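
The rotation policy in the task list above, sketched as an added example that is not part of the thread and is not the project's code. `IssuerCert`, `CdaIssuerStore` and their methods are hypothetical names, an in-memory list stands in for `FileCertificateStore`, and the 180-day lifetime and 90-day renewal window are assumed values.

```kotlin
import java.time.Duration
import java.time.Instant

// Hypothetical stand-in for a self-issued CDA issuer certificate; a real one
// would carry the key pair and the serialised X.509 certificate.
data class IssuerCert(val id: Int, val notBefore: Instant, val expiry: Instant) {
    fun isValidAt(now: Instant) = !now.isBefore(notBefore) && now.isBefore(expiry)
}

// Hypothetical in-memory store: keeps every unexpired issuer instead of a single file.
class CdaIssuerStore(
    private val validity: Duration,       // assumed lifetime of each issuer
    private val renewalWindow: Duration,  // assumed meaning of "about to expire"
) {
    private val issuers = mutableListOf<IssuerCert>()
    private var nextId = 1

    // Drop expired issuers, then issue a new one if none is left or the
    // newest one expires within the renewal window.
    fun rotateIfNeeded(now: Instant) {
        issuers.removeAll { !it.expiry.isAfter(now) }
        val latest = issuers.maxByOrNull { it.expiry }
        if (latest == null || latest.expiry.isBefore(now.plus(renewalWindow))) {
            issuers.add(IssuerCert(nextId++, now, now.plus(validity)))
        }
    }

    // Signature-producing operations use only the newest valid issuer.
    fun issuerForSigning(now: Instant): IssuerCert? =
        issuers.filter { it.isValidAt(now) }.maxByOrNull { it.expiry }

    // Signature-verification operations accept every issuer that is still valid,
    // so CDAs issued before a rotation keep verifying until their issuer expires.
    fun issuersForVerification(now: Instant): List<IssuerCert> =
        issuers.filter { it.isValidAt(now) }
}

fun main() {
    val store = CdaIssuerStore(Duration.ofDays(180), Duration.ofDays(90))
    val t0 = Instant.parse("2022-03-01T00:00:00Z") // constructed sample date
    store.rotateIfNeeded(t0)
    val t1 = t0.plus(Duration.ofDays(100)) // first issuer now expires in 80 days
    store.rotateIfNeeded(t1)
    println("sign with #${store.issuerForSigning(t1)?.id}")
    println("verify against ${store.issuersForVerification(t1).map { it.id }}")
    val t2 = t0.plus(Duration.ofDays(181)) // first issuer has expired
    store.rotateIfNeeded(t2)
    println("verify against ${store.issuersForVerification(t2).map { it.id }}")
}
```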

github-actions bot commented Apr 6, 2022

🎉 This issue has been resolved in version 1.6.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
