gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 12:41:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M49): Entrust, GlobalSign & EJBCA issuer connectors

Browse Source 
Add three new issuer connectors completing commercial and open-source CA
coverage. Entrust uses mTLS client certificate auth with sync/async
issuance. GlobalSign Atlas uses mTLS + API key/secret dual auth with
serial-based tracking. EJBCA supports dual auth (mTLS or OAuth2) for
self-hosted Keyfactor CAs.

Each connector implements the full issuer.Connector interface (9 methods),
includes httptest-based unit tests (~14 each), and follows established
patterns (injectable HTTP clients, RFC 5280 revocation reason mapping,
CRL/OCSP delegated to CA).

Also includes: issuer factory cases, env var seeding, config structs,
domain types, seed data (3 rows, all disabled), OpenAPI enum updates,
frontend issuer catalog entries with config fields, and full docs
(connectors.md, architecture.md, features.md, README).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-15 22:24:12 -04:00
parent f3a85d6b08
commit 3f619bcaac
17 changed files with 3820 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
migrations/seed_demo.sql
+4 -1
View File
@@ -48,7 +48,10 @@ INSERT INTO issuers (id, name, type, config, enabled, created_at, updated_at) VA
('iss-digicert', 'DigiCert CertCentral', 'DigiCert', '{"base_url": "https://www.digicert.com/services/v2", "product_type": "ssl_basic"}', true, NOW() - INTERVAL '15 days', NOW() - INTERVAL '15 days'),
('iss-sectigo', 'Sectigo SCM', 'Sectigo', '{"base_url": "https://cert-manager.com/api", "cert_type": 423, "term": 365}', true, NOW() - INTERVAL '10 days', NOW() - INTERVAL '10 days'),
('iss-googlecas','Google CAS', 'GoogleCAS', '{"project": "demo-project", "location": "us-central1", "ca_pool": "demo-pool"}', false, NOW() - INTERVAL '5 days', NOW() - INTERVAL '5 days'),
('iss-awsacmpca','AWS ACM Private CA', 'AWSACMPCA', '{"region": "us-east-1", "ca_arn": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/demo", "signing_algorithm": "SHA256WITHRSA", "validity_days": 365}', false, NOW() - INTERVAL '3 days', NOW() - INTERVAL '3 days')
('iss-awsacmpca','AWS ACM Private CA', 'AWSACMPCA', '{"region": "us-east-1", "ca_arn": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/demo", "signing_algorithm": "SHA256WITHRSA", "validity_days": 365}', false, NOW() - INTERVAL '3 days', NOW() - INTERVAL '3 days'),
('iss-entrust', 'Entrust CA', 'Entrust', '{"api_url": "https://api.managed.entrust.com/v1/", "ca_id": "demo-ca-id"}', false, NOW() - INTERVAL '2 days', NOW() - INTERVAL '2 days'),
('iss-globalsign','GlobalSign Atlas', 'GlobalSign', '{"api_url": "https://emea.api.hvca.globalsign.com:8443/v2/"}', false, NOW() - INTERVAL '1 day', NOW() - INTERVAL '1 day'),
('iss-ejbca', 'EJBCA Enterprise', 'EJBCA', '{"api_url": "https://ejbca.internal:8443/ejbca/ejbca-rest-api/v1", "auth_mode": "mtls", "ca_name": "DemoCA"}', false, NOW() - INTERVAL '1 day', NOW() - INTERVAL '1 day')
ON CONFLICT (id) DO NOTHING;
-- ============================================================