This commit changes the wire protocol to split between command
announcement and command payload to allow proper typing of sent and
received msgpack messages.

CRL fetching has been implemented as a second command after the existing
health check command.

This refactoring commit renames all occurrences of the term "intermediary CA"
to "subordinate CA" for better alignment with the terms used in RFC 5280 and
other standard documents.

- create new type hsm.Access to encapsulate HSM operations
- make setup options operate on hsm.Access instances
- adapt tests and cmd/signer to work with hsm.Access
- implement a dedicated setup mode for creating CA certificates that is
  triggered by the '-setup' command line flag
- switch to YAML configuration for comment support and more
  human-readable syntax. Format documentation is in docs/config.sample.yaml
- move HSM-related code to pkg/hsm
- improve consistency checks in pkg/config

This commit implements a mechanism to load CA configuration dynamically from
JSON files. Missing keys and certificates can be generated in a PKCS#11 HSM
or smartcard. Certificates are stored as PEM-encoded .crt files in the
filesystem.

The default PKCS#11 module (softhsm2) is now loaded from a platform-specific
path using go:build comments.