gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 14:51:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
shankar0123
2026-05-05 18:18:29 +00:00
parent 7c5cc57d75
commit 75097909e9
71 changed files with 95 additions and 771 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/handler/acme.go
+1 -1
View File
@@ -167,7 +167,7 @@ func (h ACMEHandler) NewNonce(w http.ResponseWriter, r *http.Request) {
func (h ACMEHandler) directoryBaseURL(r *http.Request, profileID string) string {
scheme := "https"
if r.TLS == nil {
// HTTPS-only architecture decision (CLAUDE.md): the listener
// HTTPS-only architecture decision: the listener
// is TLS 1.3 pinned. r.TLS == nil only happens in tests with
// httptest.NewServer (non-TLS); honor http: for those.
scheme = "http"
internal/api/handler/admin_scep_intune.go
+1 -1
View File
@@ -17,7 +17,7 @@ import (
// service-side and the handler stays test-friendly.
//
// SCEP RFC 8894 + Intune master bundle Phase 9.1, extended in the
// Phase 9 follow-up (cowork/scep-gui-restructure-prompt.md) with
// Phase 9 follow-up (the project's SCEP GUI restructure spec) with
// Profiles for the per-profile SCEP Administration tab.
type AdminSCEPIntuneService interface {
// Stats returns one snapshot per configured SCEP profile (Intune-
internal/api/handler/metrics.go
+1 -1
View File
@@ -90,7 +90,7 @@ type VaultRenewalSnapshotter interface {
// (here).
//
// Rank 4 of the 2026-05-03 Infisical deep-research deliverable
// (cowork/infisical-deep-research-results.md Part 5).
// (the project's deep-research deliverable, Part 5).
type ExpiryAlertSnapshotter interface {
// SnapshotExpiryAlerts returns one entry per non-zero counter,
// pre-sorted by (channel, threshold, result) so the Prometheus
internal/api/handler/scep_chromeos_test.go
+1 -1
View File
@@ -286,7 +286,7 @@ func TestSCEPHandler_ChromeOSPKIMessage_AESVariants(t *testing.T) {
}
// TestSCEPHandler_ChromeOSPKIMessage_RAKeyMismatch — closure-bundle
// gap M-1 / acceptance D.1 (cowork/scep-bundle-gap-closure-prompt.md).
// gap M-1 / acceptance D.1 (the project's SCEP gap-closure spec).
// Build a PKIMessage encrypted to a freshly-generated RA cert whose
// matching private key the server does NOT have. The handler MUST
// reject (RFC 8894 path can't decrypt → falls through; MVP path can't
internal/api/handler/scep_intune_e2e_test.go
+1 -1
View File
@@ -614,7 +614,7 @@ func TestSCEPIntuneEnrollment_RateLimited_E2E(t *testing.T) {
// race with t.Parallel(), and signal.Notify is global). The SIGHUP
// goroutine's only job is to call Reload, so calling Reload directly is
// the equivalent contract — and stable in tests. Phase B frozen
// decision #3 in cowork/scep-bundle-gap-closure-prompt.md.
// decision #3 in the project's SCEP gap-closure spec.
func TestSCEPIntuneEnrollment_TrustAnchorSIGHUPReload_E2E(t *testing.T) {
fix := newIntuneE2EFixture(t)
now := time.Now()