Merged
…ncrete class for storing CA profiles.
Pull request overview
This PR updates the OpenCertServer CA/EST surface area to be async-first (with cancellation support), and adjusts EST wire responses to support PKCS#7/DER delivery alongside PEM.
Changes:
- Convert CA signing / profile retrieval / certificate store operations to async APIs with `CancellationToken`.
- Update EST server handlers and EST client to use async CA APIs and return/consume PKCS#7 SignedData bytes by default (PEM still supported via `Accept`).
- Refresh and adapt tests/CLI to the new async method signatures and result shapes.
Reviewed changes
Copilot reviewed 63 out of 63 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| tests/opencertserver.lambda.tests/opencertserver.lambda.tests.csproj | Bump AWS SDK test dep |
| tests/opencertserver.est.server.tests/TestCsrAttributesLoader.cs | Add cancellation token param |
| tests/opencertserver.est.server.tests/Steps/EstServer.cs | Await async CA signing + new tuple results |
| tests/opencertserver.est.server.tests/opencertserver.est.server.tests.csproj | Bump Reqnroll dep |
| tests/opencertserver.est.server.tests/Configuration/ConfigureCertificateAuthenticationOptions.cs | Async root cert provider (sync wait) |
| tests/opencertserver.cli.tests/StepDefinitions/TestCsrAttributesHandler.cs | Add cancellation token param |
| tests/opencertserver.cli.tests/opencertserver.cli.tests.csproj | Bump Reqnroll dep |
| tests/opencertserver.certserver.tests/StepDefinitions/TestCsrAttributesLoader.cs | Add cancellation token param |
| tests/opencertserver.certserver.tests/StepDefinitions/EstEnrollment.cs | Update EstClient usage/results |
| tests/opencertserver.certserver.tests/StepDefinitions/CertificateServerFeatures.cs | Using ordering cleanup |
| tests/opencertserver.certserver.tests/StepDefinitions/CertificateAuthority.cs | Minor const usage tweak |
| tests/opencertserver.certserver.tests/opencertserver.certserver.tests.csproj | Bump Reqnroll dep |
| tests/opencertserver.ca.tests/X509CertificateTests.cs | Async CA signing updates |
| tests/opencertserver.ca.tests/ValidateAll.cs | New chain validator test stub |
| tests/opencertserver.ca.tests/SignedDataTests.cs | New PKCS#7 SignedData test |
| tests/opencertserver.ca.tests/README.md | Add test project readme |
| tests/opencertserver.ca.tests/CertificateAuthorityTests.cs | Async PEM signing updates |
| src/opencertserver.lambda/DefaultIssuer.cs | Await async CA PEM signing |
| src/opencertserver.est.server/Handlers/SimpleReEnrollHandler.cs | Async + PKCS#7 response support |
| src/opencertserver.est.server/Handlers/SimpleEnrollHandler.cs | Async + PKCS#7 response support |
| src/opencertserver.est.server/Handlers/ServerKeyGenHandler.cs | Cancellation-aware body read/sign |
| src/opencertserver.est.server/Handlers/MultipartContentResult.cs | Extract result type + cancellation |
| src/opencertserver.est.server/Handlers/ICsrTemplateLoader.cs | Add cancellation token to interface |
| src/opencertserver.est.server/Handlers/CsrTemplateLoader.cs | Extract default loader impl |
| src/opencertserver.est.server/Handlers/CsrAttributesHandler.cs | Add cancellation token param |
| src/opencertserver.est.server/Handlers/Constants.cs | Split PKCS#7 vs PEM mime constants |
| src/opencertserver.est.server/Handlers/CaCertHandler.cs | Async certificate provider |
| src/opencertserver.est.server/EstServerExtensions.cs | Register async root cert factory |
| src/opencertserver.est.client/EstClient.cs | Rework enroll/reenroll to tuple + PKCS#7 |
| src/opencertserver.cli/Program_EstReEnroll.cs | Print EST errors from tuple result |
| src/opencertserver.certserver/TestCsrAttributesHandler.cs | Remove test-only loader |
| src/opencertserver.certserver/Program.cs | Add CA utils using |
| src/opencertserver.certserver/DefaultIssuer.cs | Await async CA PEM signing |
| src/opencertserver.certserver/ConfigureCertificateAuthenticationOptions.cs | Async root cert provider (sync wait) |
| src/opencertserver.ca/IValidateX509Chains.cs | New chain validation interface |
| src/opencertserver.ca/CertificateAuthority.cs | Convert CA core to async operations |
| src/opencertserver.ca/CaProfileSet.cs | Async profile retrieval interface impl |
| src/opencertserver.ca/CaConfiguration.cs | Depend on IStoreCaProfiles |
| src/opencertserver.ca.utils/RDNSequenceTemplate.cs | Comment placement tweak |
| src/opencertserver.ca.utils/Pkcs7/SignerInfo.cs | New PKCS#7 SignerInfo model |
| src/opencertserver.ca.utils/Pkcs7/SignedData.cs | New PKCS#7 SignedData model |
| src/opencertserver.ca.utils/Pkcs7/IssuerAndSerialNumber.cs | New PKCS#7 structure |
| src/opencertserver.ca.utils/Pkcs7/DigestAlgorithmIdentifier.cs | New PKCS#7 structure |
| src/opencertserver.ca.utils/Pkcs7/ContentInfo.cs | New PKCS#7 structure |
| src/opencertserver.ca.utils/Ocsp/ResponderIdByName.cs | Split OCSP responder types |
| src/opencertserver.ca.utils/Ocsp/ResponderIdByKey.cs | Split OCSP responder types |
| src/opencertserver.ca.utils/Ocsp/ResponderId.cs | Remove combined responder file |
| src/opencertserver.ca.utils/Ocsp/IResponderId.cs | Extract responder interface |
| src/opencertserver.ca.utils/CertificateExtensions.cs | Minor perf/formatting tweaks |
| src/opencertserver.ca.utils/Ca/IValidateCertificateRequests.cs | Async validator interface |
| src/opencertserver.ca.utils/Ca/IStoreCertificates.cs | Async + cancellation in store APIs |
| src/opencertserver.ca.utils/Ca/IStoreCaProfiles.cs | Async profile store interface |
| src/opencertserver.ca.utils/Ca/InMemoryCertificateStore.cs | Implement new store signatures |
| src/opencertserver.ca.utils/Ca/ICertificateAuthority.cs | Async CA interface |
| src/opencertserver.ca.utils/Ca/CertificateItemInfo.cs | Extract metadata type to own file |
| src/opencertserver.ca.utils/Ca/CertificateItem.cs | Remove nested metadata type |
| src/opencertserver.ca.utils/Ca/CaProfile.cs | Move to utils namespace + docs |
| src/opencertserver.ca.server/ValidateAll.cs | Default permissive chain validator |
| src/opencertserver.ca.server/Handlers/CsrHandler.cs | Async CA signing + cancellation |
| src/opencertserver.ca.server/Handlers/CertificateRetrievalHandler.cs | Pass cancellation into store query |
| src/opencertserver.ca.server/Extensions.cs | Register profiles + new validator type |
| src/CertesSlim/CertesSlim.csproj | Bump IdentityModel dependency |
| build/opencertserver.build/opencertserver.build.csproj | Bump GitVersion.MsBuild |
Update API to use async methods