Complete M1, M1.1, M2: end-to-end lifecycle, agent deployment, ACME v2

- Wire issuer connector end-to-end with IssuerConnectorAdapter (dependency inversion) - Renewal/issuance job processor: RSA key + CSR generation, Local CA signing, cert version storage - Agent work API (GET /agents/{id}/work) and job status API (POST /agents/{id}/jobs/{job_id}/status) - Agent-side deployment: WorkItem enrichment with target type/config, NGINX/F5/IIS connector invocation - Full ACME v2 implementation: HTTP-01 challenge solving, account registration, order lifecycle - Update all docs (README, architecture, connectors, demo-advanced, quickstart) for M1-M2 - Fix go vet warning in deployment.go (non-constant format string) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-13 18:48:52 +00:00 · 2026-03-14 23:49:45 -04:00
parent 77a6ec7270
commit ab79dead13
16 changed files with 985 additions and 201 deletions
@@ -0,0 +1,59 @@
+package service
+
+import (
+	"context"
+
+	"github.com/shankar0123/certctl/internal/connector/issuer"
+)
+
+// IssuerConnectorAdapter bridges the connector-layer issuer.Connector interface with the
+// service-layer IssuerConnector interface. This maintains dependency inversion: the service
+// layer defines the interface it needs, and this adapter wraps the concrete connector.
+type IssuerConnectorAdapter struct {
+	connector issuer.Connector
+}
+
+// NewIssuerConnectorAdapter wraps an issuer.Connector to implement service.IssuerConnector.
+func NewIssuerConnectorAdapter(c issuer.Connector) IssuerConnector {
+	return &IssuerConnectorAdapter{connector: c}
+}
+
+// IssueCertificate delegates to the underlying connector's IssueCertificate method,
+// translating between service-layer and connector-layer types.
+func (a *IssuerConnectorAdapter) IssueCertificate(ctx context.Context, commonName string, sans []string, csrPEM string) (*IssuanceResult, error) {
+	result, err := a.connector.IssueCertificate(ctx, issuer.IssuanceRequest{
+		CommonName: commonName,
+		SANs:       sans,
+		CSRPEM:     csrPEM,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &IssuanceResult{
+		CertPEM:   result.CertPEM,
+		ChainPEM:  result.ChainPEM,
+		Serial:    result.Serial,
+		NotBefore: result.NotBefore,
+		NotAfter:  result.NotAfter,
+	}, nil
+}
+
+// RenewCertificate delegates to the underlying connector's RenewCertificate method,
+// translating between service-layer and connector-layer types.
+func (a *IssuerConnectorAdapter) RenewCertificate(ctx context.Context, commonName string, sans []string, csrPEM string) (*IssuanceResult, error) {
+	result, err := a.connector.RenewCertificate(ctx, issuer.RenewalRequest{
+		CommonName: commonName,
+		SANs:       sans,
+		CSRPEM:     csrPEM,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &IssuanceResult{
+		CertPEM:   result.CertPEM,
+		ChainPEM:  result.ChainPEM,
+		Serial:    result.Serial,
+		NotBefore: result.NotBefore,
+		NotAfter:  result.NotAfter,
+	}, nil
+}