// Copyright 2023 Google LLC.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package windows contains a windows-specific client for accessing the ncrypt APIs directly,
// bypassing the RPC-mechanism of the universal client.
package windows

import (
	"crypto"
	"io"

	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/windows/ncrypt"
)

// SecureKey is a public wrapper for the internal ncrypt implementation.
//
// The zero value is not usable: every method forwards to the wrapped key without a nil
// check, so instances should be obtained from NewSecureKey.
type SecureKey struct {
	key *ncrypt.Key // wrapped key; every method below delegates to it
}

// CertificateChain returns the SecureKey's raw X509 cert chain. This contains the public key.
//
// The value is handed back exactly as the wrapped key returns it; no copy is made here.
func (sk *SecureKey) CertificateChain() [][]byte {
	chain := sk.key.CertificateChain()
	return chain
}

// Public returns the public key for this SecureKey.
func (sk *SecureKey) Public() crypto.PublicKey {
	pub := sk.key.Public()
	return pub
}

// Sign signs a message digest, using the specified signer options.
//
// The signature matches the Sign method of crypto.Signer, but the io.Reader argument is
// ignored: nil is always passed to the wrapped key, so a caller-supplied randomness source
// has no effect on the operation.
//
// digest and opts are forwarded unchanged. The caller is expected to have hashed the
// message already.
// NOTE(review): presumably opts must name the hash that produced digest; confirm against
// ncrypt.Key.Sign.
func (sk *SecureKey) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signed []byte, err error) {
	signed, err = sk.key.Sign(nil, digest, opts)
	return signed, err
}

// Close frees up resources associated with the underlying key.
//
// The wrapper keeps its pointer to the key after this call and does not record that it was
// closed.
// NOTE(review): what the other methods do on a closed key depends on ncrypt.Key; confirm
// before reusing a SecureKey after Close.
func (sk *SecureKey) Close() {
	wrapped := sk.key
	wrapped.Close()
}

// NewSecureKey returns a handle to the first available certificate and private key pair in
// the specified Windows key store matching the filters.
func NewSecureKey(issuer string, store string, provider string) (*SecureKey, error) {
	// The three filters are handed to ncrypt.Cred unmodified; nothing is validated or
	// normalised at this layer.
	handle, err := ncrypt.Cred(issuer, store, provider)
	if err != nil {
		// The lookup error is passed through unchanged and no key is returned.
		return nil, err
	}

	// NOTE(review): which credential is picked when several match is decided inside
	// ncrypt.Cred. A caller that needs one specific certificate should inspect
	// CertificateChain() on the result before signing with it.
	// The returned SecureKey wraps the handle; Close is the method that releases it.
	sk := &SecureKey{key: handle}
	return sk, nil
}