[FEAT] Certificate Authority for client PKI files re-issuance (#68)

* FEAT: [cmn] Add CertReissue signaling event - Used by CA-enabled gateways to issue client certs/keys * FEAT: [cli][gw] Enable CA certificate reissue flow - Gateways can be CA-enabled and send new PKI to clients - Clients will store PKI for later reuse * TASK: [doc] Update docs for CA feature * TASK: [example] New reissue certificate example * TASK: [cmn][cli][gw] Update Rust dependencies
chewyfish · Feb 16, 2024 · c04fdfe · c04fdfe
1 parent 3996d07
commit c04fdfe
Show file tree

Hide file tree

Showing 28 changed files with 2,820 additions and 453 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/README.md b/README.md
@@ -23,11 +23,10 @@ This is early alpha, use with care.
 ### To-Do
 
 * Add Windows UDP support. Tested: macOS (Big Sur); Fedora 39, Windows 11 (TCP only)
-* Enhance gateway for runtime client certificate reissuance (on expiry or on demand)
 * Incorporate device posture trust assessment and rules processor for security enforcement
 * Build (more) testing: integration, performance, ...
 * Strategize non-name resolution (DNS/hosts file/...) approach to handle client hostname verification for TLS-type service connections
-* Consider supporting UDP multicast services
+* Consider supporting: UDP multicast services, QUIC
 * Consider gateway-to-gateway service proxy routing (reasons of proximity, security, ...)
 * Consider gateway load-balancing, via client redirect (reasons of load, rollout deployment, ...)
 * Accommodate integration to well-known identity provider (IdP) systems/protocols for user authentication and 2FA purposes

diff --git a/crates/client/src/config.rs b/crates/client/src/config.rs
@@ -285,7 +285,7 @@ pub mod tests {
         "client-uid100.key.pem",
     ];
 
-    static TEST_MUTEX: Lazy<Arc<Mutex<bool>>> = Lazy::new(|| Arc::new(Mutex::new(true)));
+    pub static TEST_MUTEX: Lazy<Arc<Mutex<bool>>> = Lazy::new(|| Arc::new(Mutex::new(true)));
 
     // utils
     // =====

diff --git a/crates/client/src/gateway/controller.rs b/crates/client/src/gateway/controller.rs
@@ -43,11 +43,12 @@ impl ControlPlane {
         let message_outbox = Arc::new(Mutex::new(VecDeque::new()));
 
         let management_controller = Arc::new(Mutex::new(management::ManagementController::new(
-            app_config,
+            app_config.clone(),
             service_mgr,
             message_outbox.clone(),
         )));
         let signaling_controller = Arc::new(Mutex::new(signaling::SignalingController::new(
+            &app_config,
             service_mgr,
             message_outbox.clone(),
         )));