Commit graph

24 commits

Author SHA1 Message Date
472091b374 Switch to logrus for structured logging 2022-11-20 10:07:02 +01:00
4c24e4692b Fix golangci-lint warnings 2022-11-20 09:13:11 +01:00
175a72298d Centralize serial number generation 2022-09-18 12:17:27 +02:00
82a1284073 Rename intermediary CA to subordinate CA
This refactoring commit renames all occurrences of the term "intermediary CA"
to "subordinate CA" for better alignment with the terms used in RFC-5280 and
other standard documents.
2022-08-03 16:01:06 +02:00
60be959c24 Implement health check infrastructure
This commit adds health check capabilities to the hsm.Access and health
response data to the messages returned by the health command.
2022-08-03 15:45:27 +02:00
3107ad8abb Implement serial link and protocol handling infrastructure
This commit adds basic serial link and protocol support. None of the commands
from the docs/design.md document is implemented yet.

The following new packages have been added:

- seriallink containing the serial link handler including COBS decoding and
  encoding
- protocol containing the protocol handler including msgpack unmarshalling
  and marshaling
- health containing a rudimentary health check implementation
- messages containing command and response types and generated msgpack
  marshaling code

A client simulation command has been added in cmd/clientsim.

README.md got instructions on how to run the client simulator. The
docs/config.sample.yaml contains a new section for the serial connection
parameters.
2022-08-03 14:38:36 +02:00
c2b987fd31 Allow hsm to use relative paths 2022-08-03 14:31:46 +02:00
0d69a9013d Refactor HSM setup
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
2022-08-03 09:59:26 +02:00
c532ec436a Improve test coverage of package hsm 2022-05-01 12:36:57 +02:00
057852ede6 Implement proper support for CRLEntry extensions 2022-04-24 15:18:42 +02:00
474e7717cc Fix Goland code inspection warnings 2022-04-24 14:49:17 +02:00
79cb5c96bf Extract test helper functions 2022-04-24 14:13:52 +02:00
510ba2ad25 Add test for pkg/hsm/context.go 2022-04-24 14:05:46 +02:00
23c9e6f3e0 Improve test coverage of X.509 revoking 2022-04-24 12:45:22 +02:00
c538be4385 Fix error message spelling 2022-04-24 11:24:15 +02:00
baf6d0f037 Configure and apply golangci-lint 2022-04-24 09:25:04 +02:00
63c3716b5b Move x509 and openpgp into pkg
small refactoring to unify package structure. Use crypto.rand for serial
number generation in tests.
2022-04-24 08:03:51 +02:00
42c7dc7170 Improve config handling and test coverage 2022-04-23 18:34:51 +02:00
7d415ff181 Increase coverage for pkg/config 2022-04-21 21:12:34 +02:00
9fd40af603 Add -verbose flag, implement config options 2022-04-20 09:03:26 +02:00
2e343498af Fix failing test 2022-04-20 09:03:00 +02:00
47d5b2afff Improve configuration, implement setup mode
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more
  human-readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
2022-04-19 16:48:32 +02:00
24f9ef297c Extract variable for policy OID 2022-04-19 11:52:54 +02:00
de997913cf Implement configuration and CA hierarchy setup
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform specific
path using go:build comments.
2022-04-16 22:24:32 +02:00