This refactoring commit renames all occurrences of the term "intermediary CA"
to "subordinate CA" for better alignment with the terms used in RFC-5280 and
other standard documents.

This commit adds basic serial link and protocol support. None of the commands
from the docs/design.md document is implemented yet.
The following new packages have been added:

- seriallink containing the serial link handler including COBS decoding and
  encoding
- protocol containing the protocol handler including msgpack unmarshaling
  and marshaling
- health containing a rudimentary health check implementation
- messages containing command and response types and generated msgpack
  marshaling code

A client simulation command has been added in cmd/clientsim.
README.md got instructions on how to run the client simulator. The
docs/config.sample.yaml contains a new section for the serial connection
parameters.

- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command-line flag
- switch to YAML configuration for comment support and more human-readable
  syntax. Format documentation is in docs/config.sample.yaml
- move HSM-related code to pkg/hsm
- improve consistency checks in pkg/config

This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM-encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform-specific
path using go:build comments.

- add documentation on how to initialize SoftHSM for testing
- add cmd/signer package to hold future signer command
- add test to use a private key from softhsm to create a root
  certificate