Skip to content

feat(model): add certificate analysis fields for expiry and key length (FIREWALL-037, -038) #500

Open
Feature
Open
feat(model): add certificate analysis fields for expiry and key length (FIREWALL-037, -038)#500
Feature
Labels
audit-modeRelated to audit and compliance functionalityenhancementNew feature or requestpriority:normalNormal priority issuesp:3Story Points: 3 (moderate)type:featureNew feature implementation
@unclesp1d3r

Description

@unclesp1d3r
unclesp1d3r
opened on Mar 28, 2026

Summary

FIREWALL-037 (Certificate Expiration) and FIREWALL-038 (Strong Key Lengths) return UNKNOWN because the Certificate model lacks parsed metadata fields.

Missing Fields

Control Field Needed Source Description
FIREWALL-037 Certificate.NotBefore, Certificate.NotAfter PEM parsing Certificate validity period
FIREWALL-038 Certificate.KeyType, Certificate.KeyBits PEM parsing Key algorithm and bit length

Implementation Notes

The raw PEM data is already available in Certificate.Certificate (string field). The converter or parser could extract these fields using crypto/x509.ParseCertificate during parsing. This avoids PEM parsing in the compliance plugin itself.

Alternatively, add a ParsedCert computed field populated during conversion.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    audit-modeRelated to audit and compliance functionalityenhancementNew feature or requestpriority:normalNormal priority issuesp:3Story Points: 3 (moderate)type:featureNew feature implementation

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions