Commit graph

9 commits

Author SHA1 Message Date
Mariano Cano
955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2022-03-28 17:54:35 -07:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
52a18e0c2d Add key name to CreateCertificateAuthority 2021-10-07 14:19:39 -07:00
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00
Herman Slatman
7ad90d10b3
Refactor initialization of SCEP authority 2021-02-26 00:32:21 +01:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
7aa8a8fe1e Complete tests for softCAS. 2020-11-03 12:45:31 -08:00
Mariano Cano
e146b3fe16 Add Unit tests for softcas. 2020-09-15 19:37:02 -07:00