- decouple config and messages
- cainfo maps from config.Profile to messages.CAProfile
- config parses profile usage
- validity can be configured per certificate profile, defaults are defined in
a defaultValidity method of the profile usage
- the client simulator emits certificate signing requests at random intervals
- add implementation of SingCertificateCommand to MsgPackHandler
- remove indirection signing.RequestSignature
This commit defines command codes for planned commands and response codes for
their corresponding responses.
The health response from the HSM access component has been reduced to avoid
unnecessary data transmissions.
A new CA information command has been implemented. This command can be used
to retrieve the CA certificate and profile information for a given CA name.
The client simulator has been updated to retrieve CA information for all
CAs when the list of CAs changes.
- add unit tests for all handwritten code in messages package
- use uuid.NewString() instead of uuid.NewUUID() to avoid unnecessary error
handling
- sort code in messages.go to put type related code close to each other
- move checkFailed from hsm.Access.Healthy method to messages.CertificateInfoFailed
- add typing for Status field of messages.CertificateInfo
- define protocols.ClientHandler interface as base for client implementations
- implement protocols.ClientHandler in clientsim's ClientHandler type
- move protocol state handling into protocols.ServerProtocol and
protocols.ClientProtocol
- move protocolState type into protocols.go
- reduce clientsim's TestCommandGenerator responsibility to test command
generation
- add a client generated command ID for tracing commands and responses
- define protocol delimiter in protocol.CobsDelimiter
- apply code simplifications suggested by golangci-lint
- add Makefile
- add compile time build information for signer binary
- make sure that dependencies for msgpackgen survive go mod tidy
- extract MsgPackHandler into its own file
- add CRL number to fetch CRL response
- remove port.Flush() to avoid removing written data before it reaches the
client
This commit changes the wire protocol to split between command
announcement and command payload to allow proper typing of sent and
received msgpack messages.
CRL fetching has been implemented as second command after the existing
health check command.
This commit adds basic serial link and protocol support. None of the commands
from the docs/design.md document is implemented yet.
The following new packages have been added:
- seriallink containing the serial link handler including COBS decoding and
encoding
- protocol containing the protocol handler including msgpack unmarshalling
and marshaling
- health containing a rudimentary health check implementation
- messages containing command and response types and generated msgpack
marshaling code
A client simulation command has been added in cmd/clientsim.
README.md got instructions how to run the client simulator. The
docs/config.sample.yaml contains a new section for the serial connection
parameters.
- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
- implement a dedicated setup mode for creating CA certificates that is
triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more human
readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM related code to pkg/hsm
- improve consistency checks in pkg/config
This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or Smartcard. Certificates are stored as PEM encoded .crt files in the
filesystem.
The default PKCS#11 module (softhsm2) is now loaded from a platform specific
path using go:build comments.
- add documentation how to initialize SoftHSM for testing
- add cmd/signer package to hold future signer command
- add test to use a private key from softhsm to create a root
certificate
