Commit graph

24 commits

Author SHA1 Message Date
73aad9d74e Continue certificate signing implementation
- parse PEM CSRs to DER before sending them to the signer
- handle SignCertificate and SignOpenPGP response messages
- add file system prefix constants for writing certificate files
- define supported hash algorithms
- fix handling of signing requests without organization, organizational unit,
  or location information
- use a different SMTP port for debugging with mailpit
2024-01-12 20:48:13 +01:00
a6317c82c5 Add legacydb package to support existing MySQL DB
- add new legacydb package
- fix warnings
2024-01-12 19:07:24 +01:00
eb92755ef6 Drop copyright year requirement 2024-01-12 19:06:13 +01:00
8f0cf1a523 Update dependencies 2024-01-12 19:06:01 +01:00
f3c0e1379f Improve robustness and concurrency handling
- Rename client.CertInfo to CACertificateInfo
- declare commands channel inside client.Run, there is no need to inject it
  from the outside
- let command generating code in client.commandLoop run in goroutines to
  allow parallel handling of queued commands and avoid blocking operations
- pass context to command generating functions to allow cancellation
- guard access to c.knownCACertificates by mutex.Lock and mutex.Unlock
- make command channel capacity configurable
- update to latest cacert-gosigner dependency for channel direction support
- improve handling of closed input channel
- reduce client initialization to serial connection setup, move callback and
  handler parameters to client.Run invocation
2022-12-04 14:20:34 +01:00
ef1ac1950b Update documented go version 2022-12-03 13:41:08 +01:00
4345e5d899 Implement graceful shutdown of client
Install handlers for SIGTERM and command line interrupt.
2022-12-03 13:35:56 +01:00
9c608ed81f Fix potential race condition in client
Synchronize goroutines in client.Run to make sure to avoid access to the
common context before use.
2022-12-03 13:15:44 +01:00
f4a1958307 Improve -generate-config handling
- do not print client version when running with the -generate-config option
- add a YAML document prefix before the raw YAML output
- use proper exit codes on errors
2022-12-03 13:02:04 +01:00
a688eb105b Add documentation how to run the signer client 2022-12-03 12:58:28 +01:00
c65853d1f9 Implement config generator
This commit adds code to allow the generation of a default client
configuration. The generator is run instead of the regular client
code, when the option -generate-config is passed on the command
line.
2022-12-03 12:22:00 +01:00
da24ae70b6 Implement CA certificate information handling
Change the behaviour of the client to use the new CAInfoCommand support in
cacert-gosigner.

The client has a new mechanism to generate new commands as reaction to
received responses. This functionality is used to retrieve CA certificate
information when certificates previously unknown to the client appear
and to trigger CRL retrieval for new certificates.

New CA certificates announced by the signer are detected and information is
retrieved. The retrieved CA certificate is stored alongside the CRL files
in a configurable directory (defaults to "public" in the working directory
of the signerclient process).
2022-12-03 11:52:32 +01:00
199f0ee0c0 Build system improvements
- remove cgo specific environment variables from goreleaser
  configuration
- add -trimpath option to go build calls
- add snapshot target in Makefile to run goreleaser
2022-12-02 09:49:38 +01:00
9fda786348 Update all dependencies
This commit updates versions of all external dependencies. The change to
the COBSFramer in cacert-gosigner led to a change in the client package.
2022-12-02 09:14:24 +01:00
d438238118 Adapt to changed cacert-gosigner interface package
- update cacert-gosigner dependency
- add context parameter to fulfill interface contracts
2022-12-01 21:43:07 +01:00
23174c9c7d Update cacert-gosigner dependency
- update dependency
- adapt to refactoring in messages package
2022-12-01 11:37:14 +01:00
792675c8c5 Improve CRL fetching
- improve client data structures
- do not fetch CRLs for root CA certificates
2022-11-30 20:21:51 +01:00
4d9d826e8b Update cacert-gosigner dependency 2022-11-30 20:13:16 +01:00
da17fb69d7 Implement CRL and Health response handling
- add callback support to client and handler
- implement support for updating the CA certificates and profiles from
  health data of the signer
- implement CRL retrieval from the signer including delta CRL support
- implement error response handling
- add configurable start and interval timers for health and CRL data
2022-11-30 18:56:57 +01:00
0e32f7fd16 Add project description and development documentation 2022-11-29 20:15:59 +01:00
be7bbc8101 Add goreleaser configuration 2022-11-29 20:15:39 +01:00
e63fcab430 Update cacert-gosigner dependency 2022-11-29 20:15:15 +01:00
3af7530cab Add Apache License 2.0 text 2022-11-29 20:14:10 +01:00
91d4f69a9b Initial signer client implementation
This commit adds the project setup and implements a basic signer client that
sends health check commands to the signer.
2022-11-29 16:23:16 +01:00