
Package client

import "github.com/googleapis/enterprise-certificate-proxy/client"

Overview

Package client is a cross-platform client for the signer binary (a.k.a. "EnterpriseCertSigner").

The signer binary is OS-specific, but exposes a standard set of APIs for the client to use.

Variables

ErrCredUnavailable is a sentinel error that indicates ECP Cred is unavailable, possibly due to missing config or missing binary path.

var ErrCredUnavailable = errors.New("Cred is unavailable")

type Connection

A Connection wraps a pair of unidirectional streams as an io.ReadWriteCloser.

type Connection struct {
    io.ReadCloser
    io.WriteCloser
}

func (*Connection) Close

func (c *Connection) Close() error

Close closes c's underlying ReadCloser and WriteCloser.

type DecryptArgs

DecryptArgs contains arguments for a Decrypt API call.

type DecryptArgs struct {
    Ciphertext []byte               // The ciphertext to decrypt.
    Opts       crypto.DecrypterOpts // Options for decryption. Ex: an instance of *rsa.OAEPOptions.
}

type EncryptArgs

EncryptArgs contains arguments for an Encrypt API call.

type EncryptArgs struct {
    Plaintext []byte // The plaintext to encrypt.
    Opts      any    // Options for encryption. Ex: an instance of crypto.Hash.
}

type Key

Key implements credential.Credential by holding the executed signer subprocess.

type Key struct {
    // contains filtered or unexported fields
}

func Cred

func Cred(configFilePath string) (*Key, error)

Cred spawns a signer subprocess that listens on stdin/stdout to perform certificate related operations, including signing messages with the private key.

The signer binary path is read from the config file at configFilePath, if provided. Otherwise, the default config file path is used.

The config file also specifies which certificate the signer should use.

func (*Key) CertificateChain

func (k *Key) CertificateChain() [][]byte

CertificateChain returns the credential as a raw X509 cert chain. This contains the public key.

func (*Key) Close

func (k *Key) Close() error

Close closes the RPC connection and kills the signer subprocess. Call this to free up resources when the Key object is no longer needed.

func (*Key) Decrypt

func (k *Key) Decrypt(_ io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)

Decrypt decrypts a ciphertext msg into plaintext, using the specified decrypter opts. Implements crypto.Decrypter interface.

func (*Key) Encrypt

func (k *Key) Encrypt(_ io.Reader, msg []byte, opts any) (ciphertext []byte, err error)

Encrypt encrypts a plaintext msg into ciphertext, using the specified encrypt opts.

func (*Key) Public

func (k *Key) Public() crypto.PublicKey

Public returns the public key for this Key.

func (*Key) Sign

func (k *Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error)

Sign signs a message digest, using the specified signer opts. Implements crypto.Signer interface.
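Because Key implements crypto.Signer and exposes its certificate chain, it can be handed to crypto/tls so the private key never leaves the signer subprocess. The following is an added example, not code from this package: TLSCertificate and newStandIn are hypothetical names, and an in-memory Ed25519 key with a constructed self-signed certificate stands in for the *Key returned by Cred so the example runs without a signer binary.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
)

// TLSCertificate returns a tls.Certificate that delegates private-key operations
// to signer. With this package: TLSCertificate(key, key.CertificateChain()).
func TLSCertificate(signer crypto.Signer, chain [][]byte) (tls.Certificate, error) {
	if len(chain) == 0 {
		return tls.Certificate{}, fmt.Errorf("empty certificate chain")
	}
	leaf, err := x509.ParseCertificate(chain[0])
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("parse leaf: %w", err)
	}
	// Reject a signer whose public key is not the one the leaf certifies.
	pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(leaf.PublicKey) {
		return tls.Certificate{}, fmt.Errorf("signer key does not match leaf")
	}
	return tls.Certificate{Certificate: chain, PrivateKey: signer, Leaf: leaf}, nil
}

// newStandIn is a constructed in-memory substitute for *client.Key: an Ed25519
// key plus a self-signed certificate, so the example runs without a signer binary.
func newStandIn() (crypto.Signer, [][]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, [][]byte{der}, err
}

func main() {
	signer, chain, err := newStandIn()
	if err != nil {
		panic(err)
	}
	cert, err := TLSCertificate(signer, chain)
	fmt.Println("chain length:", len(cert.Certificate), "error:", err)
}
```

The returned value goes into the Certificates field of a tls.Config. When the signer is a real Key, call its Close method once the certificate is no longer needed.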

type SignArgs

SignArgs contains arguments for a Sign API call.

type SignArgs struct {
    Digest []byte            // The content to sign.
    Opts   crypto.SignerOpts // Options for signing. Must implement HashFunc().
}

Subdirectories

Name    Synopsis
util    Package util provides helper functions for the client.