Commit graph

49 commits

Author SHA1 Message Date
e4c4d0b9eb Regenerate msgpackgen definitions 2022-12-11 14:05:37 +01:00
e35e9e9df6 Cleanup command and response types
- use consistent method recipient names
- move ErrorResponse to the end of the messages
- fix email address output in SignCertificateCommand String() method
2022-12-11 14:03:45 +01:00
f92bba5496 Define command and response for SignOpenPGP 2022-12-11 14:01:48 +01:00
c452453c31 Define command and response for RevokeCertificate 2022-12-11 14:00:47 +01:00
ad6b987c91 Implement sign certificate command
- decouple config and messages
- cainfo maps from config.Profile to messages.CAProfile
- config parses profile usage
- validity can be configured per certificate profile, defaults are defined in
  a defaultValidity method of the profile usage
- the client simulator emits certificate signing requests at random intervals
- add implementation of SingCertificateCommand to MsgPackHandler
- remove indirection signing.RequestSignature
2022-12-11 13:32:05 +01:00
40b3219c7e Add serialization/deserialization tests 2022-12-04 20:37:26 +01:00
a0b6fdce98 Refactor public API tests for messages
- move tests for public API to messages_test package
2022-12-04 19:21:45 +01:00
51ca9cc69d Refactor public API tests for protocol
- move tests for public API to protocol_test package
- add tests for context handling of COBSFramer
2022-12-04 19:17:36 +01:00
7852c4d3df Add explicit channel direction information
This commit adds explicit input and output channel type information to
make the channel's intent visible to developers.
2022-12-04 13:47:51 +01:00
46407b3685 Implement write canceling in COBSFramer 2022-12-03 13:33:37 +01:00
afe7d23c9b Implement CA information command
This commit defines command codes for planned commands and response codes for
their corresponding responses.

The health response from the HSM access component has been reduced to avoid
unnecessary data transmissions.

A new CA information command has been implemented. This command can be used
to retrieve the CA certificate and profile information for a given CA name.

The client simulator has been updated to retrieve CA information for all
CAs when the list of CAs changes.
2022-12-02 18:31:59 +01:00
1374fe58e8 Implement graceful shutdown on interrupt or SIGTERM 2022-12-02 12:54:07 +01:00
37d3b1e021 Update dependencies
This commit updates all external dependencies. The cobs module has a
changed API and code using cobs has been adapted to this new API.
2022-12-02 09:09:52 +01:00
19436c06c2 Implement unit tests for public packages
This commit adds a comprehensive unit test suite for all public packages.
2022-12-01 21:36:10 +01:00
51afebf2c1 Test and refactor messages
- add unit tests for all handwritten code in messages package
- use uuid.NewString() instead of uuid.NewUUID() to avoid unnecessary error
  handling
- sort code in messages.go to put type related code close to each other
- move checkFailed from hsm.Access.Healthy method to messages.CertificateInfoFailed
- add typing for Status field of messages.CertificateInfo
2022-12-01 11:34:07 +01:00
65c5bac2d9 Implement delta CRL support
This commit provides real CRL support with persistent storage of CRLs as well
as support for delta CRLs using github.com/balacode/go-delta
2022-11-30 18:47:18 +01:00
1031ee3118 Implement configuration support for CA profiles 2022-11-30 18:42:40 +01:00
af40662c7d Refactor client protocol
- define protocols.ClientHandler interface as base for client implementations
- implement protocols.ClientHandler in clientsim's ClientHandler type
- move protocol state handling into protocols.ServerProtocol and
  protocols.ClientProtocol
- move protocolState type into protocols.go
- reduce clientsim's TestCommandGenerator responsibility to test command
  generation
2022-11-29 14:05:10 +01:00
f429d3da45 Refactor server handler
- rename protocols.Handler to ServerHandler
- rename ServerHandler methods to better express their purpose
- pass command and response as parameters
- simplify state machine and handle errors in serial/seriallink.go
- implement command read timeout
- remove currentCommand and currentResponse fields from MsgPackHandler
2022-11-29 11:45:59 +01:00
9905d748d9 Improve signer robustness
- let client simulator send some garbage bytes before starting real commands
- handle EOF during reads
2022-11-29 10:29:09 +01:00
e5dcf7afa9 Refactor COBS wire protocol
Wire protocol handling has been moved to protocol.Framer and its
implementation protocol.COBSFramer
2022-11-29 09:57:23 +01:00
faaadbe5aa Move internal code to internal packages 2022-11-28 17:39:48 +01:00
f0d456dd13 Protocol improvements
- add a client generated command ID for tracing commands and responses
- define protocol delimiter in protocol.CobsDelimiter
- apply code simplifications suggested by golangci-lint
- add Makefile
- add compile time build information for signer binary
- make sure that dependencies for msgpackgen survive go mod tidy
- extract MsgPackHandler into its own file
- add CRL number to fetch CRL response
- remove port.Flush() to avoid removing written data before it reaches the
  client
2022-11-28 17:10:46 +01:00
8e443bd8b4 Implement protocol improvements
This commit implements a client and server side state machine
for the serial protocol.
2022-11-28 11:56:32 +01:00
2de592d30c Implement command type handling
This commit changes the wire protocol to split between command
announcement and command payload to allow proper typing of sent and
received msgpack messages.

CRL fetching has been implemented as second command after the existing
health check command.
2022-11-20 18:59:37 +01:00
472091b374 Switch to logrus for structured logging 2022-11-20 10:07:02 +01:00
4c24e4692b Fix golangci-lint warnings 2022-11-20 09:13:11 +01:00
175a72298d Centralize serial number generation 2022-09-18 12:17:27 +02:00
82a1284073 Rename intermediary CA to subordinate CA
This refactoring commit renames all occurrences of the term "intermediary CA"
to "subordinate CA" for better alignment with the terms used in RFC-5280 and
other standard documents.
2022-08-03 16:01:06 +02:00
60be959c24 Implement health check infrastructure
This commit adds health check capabilities to the hsm.Access and health
response data to the messages returned by the health command.
2022-08-03 15:45:27 +02:00
3107ad8abb Implement serial link and protocol handling infrastructure
This commit adds basic serial link and protocol support. None of the commands
from the docs/design.md document is implemented yet.

The following new packages have been added:

- seriallink containing the serial link handler including COBS decoding and
  encoding
- protocol containing the protocol handler including msgpack unmarshalling
  and marshaling
- health containing a rudimentary health check implementation
- messages containing command and response types and generated msgpack
  marshaling code

A client simulation command has been added in cmd/clientsim.

README.md got instructions how to run the client simulator. The
docs/config.sample.yaml contains a new section for the serial connection
parameters.
2022-08-03 14:38:36 +02:00
c2b987fd31 Allow hsm to use relative paths 2022-08-03 14:31:46 +02:00
0d69a9013d Refactor HSM setup
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
2022-08-03 09:59:26 +02:00
c532ec436a Improve test coverage of package hsm 2022-05-01 12:36:57 +02:00
057852ede6 Implement proper support for CRLEntry extensions 2022-04-24 15:18:42 +02:00
474e7717cc Fix Goland code inspection warnings 2022-04-24 14:49:17 +02:00
79cb5c96bf Extract test helper functions 2022-04-24 14:13:52 +02:00
510ba2ad25 Add test for pkg/hsm/context.go 2022-04-24 14:05:46 +02:00
23c9e6f3e0 Improve test coverage of X.509 revoking 2022-04-24 12:45:22 +02:00
c538be4385 Fix error message spelling 2022-04-24 11:24:15 +02:00
baf6d0f037 Configure and apply golangci-lint 2022-04-24 09:25:04 +02:00
63c3716b5b Move x509 and openpgp into pkg
small refactoring to unify package structure. Use crypto.rand for serial
number generation in tests.
2022-04-24 08:03:51 +02:00
42c7dc7170 Improve config handling and test coverage 2022-04-23 18:34:51 +02:00
7d415ff181 Increase coverage for pkg/config 2022-04-21 21:12:34 +02:00
9fd40af603 Add -verbose flag, implement config options 2022-04-20 09:03:26 +02:00
2e343498af Fix failing test 2022-04-20 09:03:00 +02:00
47d5b2afff Improve configuration, implement setup mode
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more human
  readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
2022-04-19 16:48:32 +02:00
24f9ef297c Extract variable for policy OID 2022-04-19 11:52:54 +02:00
de997913cf Implement configuration and CA hierarchy setup
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform specific
path using go:build comments.
2022-04-16 22:24:32 +02:00