gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-14 03:58:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M49): Entrust, GlobalSign & EJBCA issuer connectors

Browse Source 
Add three new issuer connectors completing commercial and open-source CA
coverage. Entrust uses mTLS client certificate auth with sync/async
issuance. GlobalSign Atlas uses mTLS + API key/secret dual auth with
serial-based tracking. EJBCA supports dual auth (mTLS or OAuth2) for
self-hosted Keyfactor CAs.

Each connector implements the full issuer.Connector interface (9 methods),
includes httptest-based unit tests (~14 each), and follows established
patterns (injectable HTTP clients, RFC 5280 revocation reason mapping,
CRL/OCSP delegated to CA).

Also includes: issuer factory cases, env var seeding, config structs,
domain types, seed data (3 rows, all disabled), OpenAPI enum updates,
frontend issuer catalog entries with config fields, and full docs
(connectors.md, architecture.md, features.md, README).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-15 22:24:12 -04:00
parent f3a85d6b08
commit 3f619bcaac
17 changed files with 3820 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/connector/issuerfactory/factory.go
+24
View File
@@ -9,6 +9,9 @@ import (
"github.com/shankar0123/certctl/internal/connector/issuer/acme"
"github.com/shankar0123/certctl/internal/connector/issuer/awsacmpca"
"github.com/shankar0123/certctl/internal/connector/issuer/digicert"
"github.com/shankar0123/certctl/internal/connector/issuer/ejbca"
"github.com/shankar0123/certctl/internal/connector/issuer/entrust"
"github.com/shankar0123/certctl/internal/connector/issuer/globalsign"
"github.com/shankar0123/certctl/internal/connector/issuer/googlecas"
"github.com/shankar0123/certctl/internal/connector/issuer/local"
"github.com/shankar0123/certctl/internal/connector/issuer/openssl"
@@ -89,6 +92,27 @@ func NewFromConfig(issuerType string, configJSON json.RawMessage, logger *slog.L
}
return awsacmpca.New(&cfg, logger), nil
case "Entrust":
var cfg entrust.Config
if err := json.Unmarshal(configJSON, &cfg); err != nil {
return nil, fmt.Errorf("invalid Entrust config: %w", err)
}
return entrust.New(&cfg, logger), nil
case "GlobalSign":
var cfg globalsign.Config
if err := json.Unmarshal(configJSON, &cfg); err != nil {
return nil, fmt.Errorf("invalid GlobalSign config: %w", err)
}
return globalsign.New(&cfg, logger), nil
case "EJBCA":
var cfg ejbca.Config
if err := json.Unmarshal(configJSON, &cfg); err != nil {
return nil, fmt.Errorf("invalid EJBCA config: %w", err)
}
return ejbca.New(&cfg, logger), nil
default:
return nil, fmt.Errorf("unknown issuer type: %q", issuerType)
}