EDM-3390: Validate certificate fields in repositories

[celdrake]

Certificate-like fields in repositories were not validated.

• OCI registrires --> spec.ca.crt
• Git/HTTP repositories --> httpConfig.caCrt + tlsCrt, tlsKey
• Git repositories --> sshConfig.sshPrivateKey

Current validations --> encoded value < 20MiB, use only ASCII characters (can be encoded to base64)

Summary by CodeRabbit

• New Features
  • Enhanced repository configuration validation with stricter certificate size and format checks.
  • Added improved error messages for registry hostname validation and configuration requirements.
  • Extended validation across OCI, HTTP, and Git repository types with consistent error messaging.

[coderabbitai]

Walkthrough

The changes add translation entries for validation messages related to registry and certificate configuration, and refactor repository schema validation to explicitly define fields per repository type with new certificate length constraints and a shared validation helper.

Changes

Cohort / File(s)	Summary
Translation Entries libs/i18n/locales/en/translation.json	Added four new validation message translations for certificate size limits, character encoding requirements, registry hostname validation, and related error cases.
Repository Validation libs/ui-components/src/components/Repository/CreateRepository/utils.ts	Introduced certificate length constants (MAX_REPO_ENCODED_CERT_LENGTH, MAX_REPO_ORIGINAL_CERT_LENGTH) and a shared validRepositoryCertificate validation helper. Refactored repositorySchema to replace shared base schema with explicit field definitions per repository type (OCI, HTTP, Git), adding certificate and TLS validation across multiple config branches. Note: potential duplication of validation blocks detected in diff context.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly references the main change: adding certificate field validation in repositories, which aligns with the substantial validation logic added across multiple certificate fields in the codebase.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

libs/ui-components/src/components/Repository/CreateRepository/utils.ts (1)

686-705: Minor: Error message mentions ASCII but validation allows Latin1.

The btoa() function accepts Latin1 characters (code points 0-255), not just ASCII (0-127). The error message states "Only ASCII characters are allowed" which is slightly more restrictive than what the validation actually enforces.

In practice this is unlikely to matter since certificates typically use ASCII, but for accuracy the message could say "Only Latin1 characters are allowed" or the validation could explicitly check for ASCII-only characters.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@libs/ui-components/src/components/Repository/CreateRepository/utils.ts`
around lines 686 - 705, The error text in validRepositoryCertificate currently
says "Only ASCII characters are allowed" but the validation uses btoa(value)
which accepts Latin1; update the failing test error message in the catch branch
(the one that calls testContext.createError) to accurately state "Only Latin1
characters are allowed" or similar, ensuring the translated string via t(...)
and references to MAX_REPO_ORIGINAL_CERT_LENGTH / MAX_REPO_ENCODED_CERT_LENGTH
remain unchanged; alternatively, if you prefer to enforce ASCII, replace the
btoa check with an explicit ASCII-only regex (e.g., /^[\x00-\x7F]+$/) before
calling btoa and keep the original message.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@libs/ui-components/src/components/Repository/CreateRepository/utils.ts`:
- Around line 686-705: The error text in validRepositoryCertificate currently
says "Only ASCII characters are allowed" but the validation uses btoa(value)
which accepts Latin1; update the failing test error message in the catch branch
(the one that calls testContext.createError) to accurately state "Only Latin1
characters are allowed" or similar, ensuring the translated string via t(...)
and references to MAX_REPO_ORIGINAL_CERT_LENGTH / MAX_REPO_ENCODED_CERT_LENGTH
remain unchanged; alternatively, if you prefer to enforce ASCII, replace the
btoa check with an explicit ASCII-only regex (e.g., /^[\x00-\x7F]+$/) before
calling btoa and keep the original message.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a79e591 and 15b7dad.

📒 Files selected for processing (2)

• libs/i18n/locales/en/translation.json
• libs/ui-components/src/components/Repository/CreateRepository/utils.ts