Commit graph

43 commits

Author SHA1 Message Date
9905d748d9 Improve signer robustness
- let client simulator send some garbage bytes before starting real commands
- handle EOF during reads
2022-11-29 10:29:09 +01:00
e5dcf7afa9 Refactor COBS wire protocol
Wire protocol handling has been moved to protocol.Framer and its
implementation protocol.COBSFramer
2022-11-29 09:57:23 +01:00
faaadbe5aa Move internal code to internal packages 2022-11-28 17:39:48 +01:00
f0d456dd13 Protocol improvements
- add a client generated command ID for tracing commands and responses
- define protocol delimiter in protocol.CobsDelimiter
- apply code simplifications suggested by golangci-lint
- add Makefile
- add compile time build information for signer binary
- make sure that dependencies for msgpackgen survive go mod tidy
- extract MsgPackHandler into its own file
- add CRL number to fetch CRL response
- remove port.Flush() to avoid removing written data before it reaches the
  client
2022-11-28 17:10:46 +01:00
8e443bd8b4 Implement protocol improvements
This commit implements a client and server side state machine
for the serial protocol.
2022-11-28 11:56:32 +01:00
2de592d30c Implement command type handling
This commit changes the wire protocol to split between command
announcement and command payload to allow proper typing of sent and
received msgpack messages.

CRL fetching has been implemented as second command after the existing
health check command.
2022-11-20 18:59:37 +01:00
472091b374 Switch to logrus for structured logging 2022-11-20 10:07:02 +01:00
4c24e4692b Fix golangci-lint warnings 2022-11-20 09:13:11 +01:00
175a72298d Centralize serial number generation 2022-09-18 12:17:27 +02:00
64dd9429be Let the client send health checks periodically 2022-08-04 10:16:41 +02:00
82a1284073 Rename intermediary CA to subordinate CA
This refactoring commit renames all occurrences of the term "intermediary CA"
to "subordinate CA" for better alignment with the terms used in RFC-5280 and
other standard documents.
2022-08-03 16:01:06 +02:00
60be959c24 Implement health check infrastructure
This commit adds health check capabilities to the hsm.Access and health
response data to the messages returned by the health command.
2022-08-03 15:45:27 +02:00
3107ad8abb Implement serial link and protocol handling infrastructure
This commit adds basic serial link and protocol support. None of the commands
from the docs/design.md document is implemented yet.

The following new packages have been added:

- seriallink containing the serial link handler including COBS decoding and
  encoding
- protocol containing the protocol handler including msgpack unmarshalling
  and marshaling
- health containing a rudimentary health check implementation
- messages containing command and response types and generated msgpack
  marshaling code

A client simulation command has been added in cmd/clientsim.

README.md got instructions how to run the client simulator. The
docs/config.sample.yaml contains a new section for the serial connection
parameters.
2022-08-03 14:38:36 +02:00
c2b987fd31 Allow hsm to use relative paths 2022-08-03 14:31:46 +02:00
0d69a9013d Refactor HSM setup
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
2022-08-03 09:59:26 +02:00
7acec714e3 Remove separate Command dispatcher 2022-08-02 15:19:23 +02:00
b084872542 Add architecture/design documentation 2022-08-02 11:15:23 +02:00
c532ec436a Improve test coverage of package hsm 2022-05-01 12:36:57 +02:00
5776723fa2 Fix typo (singer vs. signer) 2022-04-26 18:15:28 +02:00
057852ede6 Implement proper support for CRLEntry extensions 2022-04-24 15:18:42 +02:00
474e7717cc Fix Goland code inspection warnings 2022-04-24 14:49:17 +02:00
79cb5c96bf Extract test helper functions 2022-04-24 14:13:52 +02:00
510ba2ad25 Add test for pkg/hsm/context.go 2022-04-24 14:05:46 +02:00
23c9e6f3e0 Improve test coverage of X.509 revoking 2022-04-24 12:45:22 +02:00
c538be4385 Fix error message spelling 2022-04-24 11:24:15 +02:00
baf6d0f037 Configure and apply golangci-lint 2022-04-24 09:25:04 +02:00
63c3716b5b Move x509 and openpgp into pkg
small refactoring to unify package structure. Use crypto.rand for serial
number generation in tests.
2022-04-24 08:03:51 +02:00
20580cda52 Use standard library types for certificates and revocations 2022-04-23 19:37:42 +02:00
42c7dc7170 Improve config handling and test coverage 2022-04-23 18:34:51 +02:00
7d415ff181 Increase coverage for pkg/config 2022-04-21 21:12:34 +02:00
3a6127a939 Finish openssl repository implementation and tests 2022-04-21 20:01:35 +02:00
b9e8862f3e Update README to reflect setup
Key setup can now be done by the signer, p11tool is no longer needed for
key generation.
2022-04-20 09:06:22 +02:00
9fd40af603 Add -verbose flag, implement config options 2022-04-20 09:03:26 +02:00
2e343498af Fix failing test 2022-04-20 09:03:00 +02:00
47d5b2afff Improve configuration, implement setup mode
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more human
  readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
2022-04-19 16:48:32 +02:00
24f9ef297c Extract variable for policy OID 2022-04-19 11:52:54 +02:00
de997913cf Implement configuration and CA hierarchy setup
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform specific
path using go:build comments.
2022-04-16 22:24:32 +02:00
9befa5bea6 Add goreleaser configuration 2022-04-16 14:43:05 +02:00
1d43b4d1b0 Update to go 1.18 2022-04-16 12:21:15 +02:00
7c0ccca665 Update dependencies 2022-04-13 08:39:26 +02:00
0a8b4896ba Add PKCS#11 test to generate root certificate
- add documentation how to initialize SoftHSM for testing
- add cmd/signer package to hold future signer command
- add test to use a private key from softhsm to create a root
  certificate
2022-04-13 08:32:16 +02:00
64e02b6903 Implement signing test and domain logic 2021-08-24 22:02:14 +02:00
3affc704d8 First DDD based signer implementation parts 2021-08-23 20:53:43 +02:00