crypto/signer: introduce Signer interface; refactor local issuer to use it

This is a load-bearing internal refactor with no user-visible behavior change. The new internal/crypto/signer package abstracts CA private-key signing behind a Signer interface (embeds stdlib crypto.Signer + adds Algorithm()). The local issuer now consumes this interface; the historical c.caKey crypto.Signer field is renamed c.caSigner signer.Signer. What landed: * internal/crypto/signer/ — new stdlib-only package - Signer interface: crypto.Signer + Algorithm() - Algorithm enum: RSA-2048, RSA-3072, RSA-4096, ECDSA-P256, ECDSA-P384 - Driver interface: Load / Generate / Name - FileDriver: production driver, wraps file-on-disk PEM, hooks for DirHardener + Marshaler so the local package can inject Bundle 9 keystore.ensureKeyDirSecure + keymem.marshalPrivateKeyAndZeroize - MemoryDriver: in-memory test driver; safe for concurrent use - parse.go: ParsePrivateKey moved here from local.go (PKCS#1, SEC 1, PKCS#8) - 91.6% coverage (gate ≥85) * internal/connector/issuer/local/local.go — refactor - Rename c.caKey crypto.Signer → c.caSigner signer.Signer - Rewire 4 signing call sites: leaf cert (line ~613), CRL (~849), OCSP response (~887), CA bootstrap (~482) — all access the interface; the bootstrap also switches to interface-level Public() + Signer - Wrap freshly-generated and freshly-loaded keys; reject Ed25519 and other unsupported algorithms at load time (was silently accepted before, would have failed at first sign) - Delete the duplicated parsePrivateKey helper (single source of truth now lives in the signer package) - Update the L-014 threat-model comment block (lines 1-29) with a forward-reference paragraph: file-on-disk caveats apply only to FileDriver-backed signers; alternative drivers close that leg - Coverage 86.7 → 86.5 (above CI floor of 86); the 0.2pp drop is mechanical from deleting parsePrivateKey, partially recovered by a new test pinning the Wrap error path * internal/crypto/signer/equivalence_test.go — Phase 3 safety net - RSA byte-strict equality for leaf certs / CRLs / OCSP responses (PKCS#1 v1.5 is deterministic) - ECDSA TBS-strict equality (signature differs because of random k) - Both signatures independently validate against the CA - Negative sentinel proves the equivalence checker isn't trivially- passing * docs/architecture.md — new 'CA Signing Abstraction' section under Security Model, with ASCII diagram of FileDriver / MemoryDriver / future PKCS11Driver / future CloudKMSDriver * Test file mechanical edits (only): - bundle9_coverage_test.go: parsePrivateKey → signer.ParsePrivateKey (function moved, not behavior changed) - local_test.go: append one targeted test (TestSubCA_LoadCAFromDisk_RejectsUnsupportedKeyAlgorithm) that pins the new Wrap error path I introduced — recovers coverage cost of the deletion above What did NOT change (verified empty diffs): * api/openapi.yaml * migrations/ * internal/connector/issuer/interface.go * go.mod / go.sum (no new dependencies; stdlib only) This refactor is the prerequisite for three downstream items: - PKCS#11/HSM driver (V3-Pro) - CRL/OCSP responder (V2) - SSH CA lifecycle (V2) Each of those adds a new signing call site. Doing the abstraction now costs once; deferring would cost three times.
2026-06-13 22:48:58 +00:00 · 2026-04-28 22:03:55 +00:00
parent 177772929b
commit fdd445c09f
12 changed files with 2057 additions and 47 deletions
@@ -23,6 +23,7 @@ import (
 	"time"

 	"github.com/shankar0123/certctl/internal/connector/issuer"
+	"github.com/shankar0123/certctl/internal/crypto/signer"
 )

 // Bundle-9 / Audit H-010 + L-002 + L-003 + L-012 + M-028 regression suite.
@@ -133,7 +134,7 @@ func TestGetRenewalInfo_ReturnsNilNil(t *testing.T) {
 func TestParsePrivateKey_RSAPKCS1(t *testing.T) {
 	k := mustGenRSAKey(t)
 	der := x509.MarshalPKCS1PrivateKey(k)
-	signer, err := parsePrivateKey(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der})
+	signer, err := signer.ParsePrivateKey(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der})
 	if err != nil {
 		t.Fatalf("parsePrivateKey RSA PKCS1: %v", err)
 	}
@@ -148,7 +149,7 @@ func TestParsePrivateKey_ECPrivateKey(t *testing.T) {
 	if err != nil {
 		t.Fatalf("marshal: %v", err)
 	}
-	signer, err := parsePrivateKey(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
+	signer, err := signer.ParsePrivateKey(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
 	if err != nil {
 		t.Fatalf("parsePrivateKey EC: %v", err)
 	}
@@ -163,7 +164,7 @@ func TestParsePrivateKey_PKCS8RSA(t *testing.T) {
 	if err != nil {
 		t.Fatalf("marshal pkcs8: %v", err)
 	}
-	signer, err := parsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
+	signer, err := signer.ParsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
 	if err != nil {
 		t.Fatalf("parsePrivateKey PKCS8: %v", err)
 	}
@@ -178,7 +179,7 @@ func TestParsePrivateKey_PKCS8ECDSA(t *testing.T) {
 	if err != nil {
 		t.Fatalf("marshal pkcs8: %v", err)
 	}
-	signer, err := parsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
+	signer, err := signer.ParsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
 	if err != nil {
 		t.Fatalf("parsePrivateKey PKCS8 ECDSA: %v", err)
 	}
@@ -188,7 +189,7 @@ func TestParsePrivateKey_PKCS8ECDSA(t *testing.T) {
 }

 func TestParsePrivateKey_UnknownType(t *testing.T) {
-	_, err := parsePrivateKey(&pem.Block{Type: "DSA PRIVATE KEY", Bytes: []byte{1, 2, 3}})
+	_, err := signer.ParsePrivateKey(&pem.Block{Type: "DSA PRIVATE KEY", Bytes: []byte{1, 2, 3}})
 	if err == nil {
 		t.Fatal("expected error on unknown PEM type")
 	}
@@ -198,7 +199,7 @@ func TestParsePrivateKey_UnknownType(t *testing.T) {
 }

 func TestParsePrivateKey_MalformedPKCS8(t *testing.T) {
-	_, err := parsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: []byte{0xff, 0xff, 0xff}})
+	_, err := signer.ParsePrivateKey(&pem.Block{Type: "PRIVATE KEY", Bytes: []byte{0xff, 0xff, 0xff}})
 	if err == nil {
 		t.Fatal("expected error on malformed PKCS8")
 	}
@@ -855,4 +856,3 @@ func TestGenerateCertificate_WithMaxTTLCap(t *testing.T) {
 		t.Errorf("MaxTTL cap not honored, got window %s", got)
 	}
 }
-