[CO-389] Write properties for cardano-sl-x509 #3620
Conversation
This make sure that for any configuration, we actually generate valid certificates. Note that the property doesn't pass for we provide AltDNS that are IP addresses and this turns out to be invalid. The underlying v3 extensions only supports DNS names and we should make sure we properly throw when given an IP address
| <*> arbitraryBasicString | ||
| <*> oneof [pure Nothing, Just <$> arbitraryBasicString] | ||
|
|
||
| shrink _ = [] |
There was a problem hiding this comment.
So you have implemented this in QuickCheck and there is no shrink. If this fails, its going to be a pain in the neck.
We'll keep this for now, but I really recommend that you have a look at HedgeHog.
There was a problem hiding this comment.
Well, not really right? There are shrinkers defined when they make sense. Here, there's just no way to shrink a DirConfiguration. Nevertheless, even without shrinking, a DirConfiguration don't get really unmanageable 😅
There was a problem hiding this comment.
That's actually why I have also explictely defined it as [], to make it clear that I haven't forgotten to define a shrink method for that type but that is just that this is the only sensible choice :)
And so far, failures render nicely 😛 (I got a few during development)
| parseAltName :: MonadThrow m => String -> m AltName | ||
| parseAltName name = | ||
| case IP.decode (T.pack name) of | ||
| Just _ -> throwM (ErrInvalidAltName "IP was given as an AltName but it should be a DNS name") |
There was a problem hiding this comment.
This will break deadalus. Please leave the IP SAN parsing in.
There was a problem hiding this comment.
Hmmm... Good catch @Disasm
But IP SAN aren't recognized as a valid alternative names by the x509 library we use. I can perhaps tweak the hook which validates the name...
Does Daedalus uses 127.0.0.1 to contact the server instead of localhost?
| instance Arbitrary (Invalid AltNames) where | ||
| arbitrary = | ||
| fmap (Invalid . mkAltNames) $ listOf1 $ frequency | ||
| [ (80, pure "localhost") |
There was a problem hiding this comment.
Does this mean localhost is an invalid altName as well now? That breaks wallet connectScripts if so.
There was a problem hiding this comment.
No. The Invalid is just biaised to sometimes generate invalid configurations such that we can use it to trigger multiple sort of errors.
KtorZ
force-pushed
the
KtorZ/CO-389/cardano-sl-x509-as-library
branch
from
b9b3894
to
ea5bc21
Compare
|
Okay, I've updated the implementation to:
Let me know 👍 Also: I am not sure whether I should add something to |
KtorZ
force-pushed
the
KtorZ/CO-389/cardano-sl-x509-as-library
branch
2 times, most recently
from
e705dfd
to
46afb5d
Compare
|
@disassembler |
e.g. - given a non-positive expiry days - given an unknown ServiceID
KtorZ
force-pushed
the
KtorZ/CO-389/cardano-sl-x509-as-library
branch
2 times, most recently
from
003ec4a
to
91ef67e
Compare
KtorZ
force-pushed
the
KtorZ/CO-389/cardano-sl-x509-as-library
branch
from
91ef67e
to
cac524c
Compare
…-x509-as-library [CO-389] Write properties for cardano-sl-x509
…hk/KtorZ/CO-389/cardano-sl-x509-as-library [CO-389] Write properties for cardano-sl-x509
Description
As per comment in #3610 --> #3610 (comment)
Linked issue
[CO-379]
Type of change
Developer checklist
[ ] CHANGELOG entry has been added and is linked to the correct PR on GitHub.Testing checklist
QA Steps
Screenshots (if available)