update config templates to support edgeCA handling via EST

Signed-off-by: Joerg Zeidler <[email protected]>

Author: JoergZeidler

Cargo.lock

@@ -7,7 +7,7 @@ license = "MIT OR Apache-2.0"
 name = "omnect-cli"
 readme = "README.md"
 repository = "https://github.com/omnect/omnect-cli"
-version = "0.25.1"
+version = "0.26.0"
 
 [dependencies]
 actix-web = "4.9"

Cargo.toml

@@ -24,6 +24,7 @@ retry = "4%"
 [cert_issuance.est]
 trusted_certs = [
      "file:///mnt/cert/ca/ca.crt",
+     "file:///mnt/cert/ca/edge_ca.crt",
 ]
 
 [cert_issuance.est.auth]
@@ -32,3 +33,15 @@ bootstrap_identity_pk = "file:///mnt/cert/priv/device_id_cert_key.pem"
 
 [cert_issuance.est.urls]
 default = "https://omnect-est.url:8080/.well-known/est"
+
+[edge_ca]
+method = "est"
+common_name = "test-omnect-est"
+url = "https://omnect-est.url2/.well-known/est"
+bootstrap_identity_cert = "file:///mnt/cert/priv/edge_ca_cert.pem"
+bootstrap_identity_pk = "file:///mnt/cert/priv/edge_ca_cert_key.pem"
+
+[edge_ca.auto_renew]
+rotate_key = true
+threshold = "80%"
+retry = "4%"

conf/config.toml.est.template

@@ -9,7 +9,24 @@ id_scope = "my-scope-id"
 
 [provisioning.attestation]
 method = "tpm"
-registration_id = "my-reg-id"
+registration_id = "my-omnect-iot-tpm-device"
+
+[cert_issuance.est]
+trusted_certs = [
+     "file:///mnt/cert/ca/edge_ca.crt",
+]
+
+[edge_ca]
+method = "est"
+common_name = "my-omnect-iot-tpm-device"
+url = "https://omnect-est.url:8080/.well-known/est"
+bootstrap_identity_cert = "file:///mnt/cert/priv/edge_ca_cert.pem"
+bootstrap_identity_pk = "file:///mnt/cert/priv/edge_ca_cert_key.pem"
+
+[edge_ca.auto_renew]
+rotate_key = true
+threshold = "80%"
+retry = "4%"
 
 # [tpm]
 # tcti = "device:/dev/tpmrm0" # adapt if using e.g. abrmd, default is "device"

conf/config.toml.tpm.template

@@ -121,6 +121,8 @@ struct Tpm {
 #[serde(deny_unknown_fields)]
 #[allow(dead_code)]
 struct EdgeCA {
+    cert: Option<String>,
+    pk: Option<String>,
     method: String,
     common_name: String,
     url: String,