Commit graph

8 commits

Author SHA1 Message Date
0d69a9013d Refactor HSM setup
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
2022-08-03 09:59:26 +02:00
5776723fa2 Fix typo (singer vs. signer) 2022-04-26 18:15:28 +02:00
474e7717cc Fix Goland code inspection warnings 2022-04-24 14:49:17 +02:00
baf6d0f037 Configure and apply golangci-lint 2022-04-24 09:25:04 +02:00
9fd40af603 Add -verbose flag, implement config options 2022-04-20 09:03:26 +02:00
47d5b2afff Improve configuration, implement setup mode
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more human
  readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
2022-04-19 16:48:32 +02:00
de997913cf Implement configuration and CA hierarchy setup
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform specific
path using go:build comments.
2022-04-16 22:24:32 +02:00
0a8b4896ba Add PKCS#11 test to generate root certificate
- add documentation how to initialize SoftHSM for testing
- add cmd/signer package to hold future signer command
- add test to use a private key from softhsm to create a root
  certificate
2022-04-13 08:32:16 +02:00