feat: add native Windows ADCS connection logic #297
| Filename | Overview |
|---|---|
| packages/gateway-v2/adcs/adcs.go | New MS-WCCE/DCOM client implementing CA discovery, template listing, and certificate enrollment. Template injection (\r\n check) is fixed; registry key handles (hklm.Key, sub.ResultKey) are not explicitly closed via BaseRegCloseKey. |
| packages/gateway-v2/adcs_handler.go | New HTTP handler routing ADCS operations over the mTLS tunnel. ServeMux is now correctly initialised once via sync.OnceValue. Two issues remain: env.Host is used without allowlist validation (SSRF), and operation handler errors are returned verbatim to callers. |
| packages/gateway-v2/gateway.go | Adds ForwardModeADCS and the "infisical-adcs" ALPN protocol; wires serveAdcsOverTLS into the channel dispatcher. Change is minimal and follows the existing PKCS#11 pattern exactly. |
| packages/cmd/root.go | Adds a FormatMessage override to zerolog ConsoleWriter to suppress the bold formatting introduced in zerolog v1.35, keeping CLI output consistent with prior releases. |
| go.mod | Adds go-msrpc, go-smb2.fork, pkcs7, and related transitive dependencies for Windows ADCS support; bumps zerolog, golang.org/x/* packages, and go-colorable to current minors. |
Reviews (2): Last reviewed commit: "Address bot PR comments"

PR overview: All previously flagged issues have been addressed. No open security concerns remain on this pull request.

Security review: No open security issues remain on this pull request. Fixed/addressed: 2 · PR risk: 0/10
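The SSRF finding in the file overview above (env.Host used without allowlist validation in adcs_handler.go) calls for checking a caller-supplied CA host against a configured allowlist before the gateway dials it. The following is an added illustration and not code from the PR or its project; the allowlist entries, the `ValidateCAHost`/`normalizeHost` names and the `package main` layout are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strings"
)

// Constructed allowlist (an assumption, not from the PR): the CA hosts this
// gateway may dial, stored as lower-case FQDNs without a trailing dot.
var allowedCAHosts = map[string]struct{}{
	"ca01.corp.example": {},
	"ca02.corp.example": {},
}

var ErrHostNotAllowed = errors.New("adcs: CA host is not in the allowlist")

// normalizeHost canonicalises a caller-supplied host so that look-alike
// spellings ("CA01.corp.example.", "ca01.corp.example:445") cannot slip
// past the allowlist; anything that is not a bare hostname is rejected.
func normalizeHost(raw string) (string, error) {
	h := strings.TrimSpace(raw)
	// A scheme, port, path, userinfo or IPv6 bracket means the caller is
	// steering the connection rather than naming a host.
	if strings.ContainsAny(h, "/:@?#\\[]") {
		return "", fmt.Errorf("adcs: host %q must be a bare hostname", raw)
	}
	h = strings.ToLower(strings.TrimSuffix(h, "."))
	// IP literals are refused: the allowlist is by name, and a literal would
	// let a caller aim the gateway at loopback or link-local addresses.
	if net.ParseIP(h) != nil {
		return "", fmt.Errorf("adcs: IP literal %q is not permitted", raw)
	}
	return h, nil
}

// ValidateCAHost returns the canonical host name if it is allowlisted and
// an error otherwise; the handler should dial only the returned value.
func ValidateCAHost(raw string) (string, error) {
	h, err := normalizeHost(raw)
	if err != nil {
		return "", err
	}
	if _, ok := allowedCAHosts[h]; !ok {
		return "", ErrHostNotAllowed
	}
	return h, nil
}

func main() {
	fmt.Println(ValidateCAHost("CA01.corp.example."))
}
```

Using the returned canonical name for the connection, rather than the raw input, also gives a single place to log the CA a caller reached.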
24cfba7 to 58628c4
@greptile can you re-review and update your original summary please