Merge pull request ThalesGroup#24 from thalescpl-io/verify_cert_chain…

…_improvements

Additional behavior for verifying cert chains - now handles the cases…

cmd/k8s-kms-plugin/cmd/decrypt-csr.go

@@ -88,7 +88,7 @@ func decryptCSR() error {
 func init() {
 	rootCmd.AddCommand(decryptCSRCmd)
 	decryptCSRCmd.PersistentFlags().StringVar(&socketPath, "socket", filepath.Join(os.TempDir(), "run", "hsm-plugin-server.sock"), "Unix Socket")
-	decryptCSRCmd.Flags().DurationVar(&timeout, "timeout", 10*time.Second, "Timeout Duration")
+	decryptCSRCmd.Flags().DurationVar(&timeout, "timeout", 30*time.Second, "Timeout Duration")
 	decryptCSRCmd.Flags().StringVarP(&inName, "inName", "f", "", "Input file")
 	decryptCSRCmd.Flags().StringVarP(&outName, "outName", "o", "", "Output file")
 }

cmd/k8s-kms-plugin/cmd/generate-kek.go

@@ -46,6 +46,6 @@ func generateKEK() error {
 func init() {
 	rootCmd.AddCommand(generateKEKCmd)
 	generateKEKCmd.PersistentFlags().StringVar(&socketPath, "socket", filepath.Join(os.TempDir(), "run", "hsm-plugin-server.sock"), "Unix Socket")
-	generateKEKCmd.Flags().DurationVar(&timeout, "timeout", 10*time.Second, "Timeout Duration")
+	generateKEKCmd.Flags().DurationVar(&timeout, "timeout", 30*time.Second, "Timeout Duration")
 	generateKEKCmd.Flags().StringVar(&kekID, "kek-id", "", "KEK ID to request")
 }

cmd/k8s-kms-plugin/cmd/import-ca.go

@@ -61,7 +61,7 @@ func init() {
 	rootCmd.AddCommand(importCaCmd)
 
 	importCaCmd.PersistentFlags().StringVar(&socketPath, "socket", filepath.Join(os.TempDir(), "run", "hsm-plugin-server.sock"), "Unix Socket")
-	importCaCmd.Flags().DurationVar(&timeout, "timeout", 10*time.Second, "Timeout Duration")
+	importCaCmd.Flags().DurationVar(&timeout, "timeout", 30*time.Second, "Timeout Duration")
 	importCaCmd.Flags().StringVarP(&caCertPath, "cert-file", "f", "", "Certificate File")
 	importCaCmd.MarkFlagRequired("cert-file")
 }