diff --git a/client/client.go b/client/client.go
new file mode 100644
index 00000000..e606f843
--- /dev/null
+++ b/client/client.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+ "github.com/docker/parsec/types"
+)
+
+// Client is a Parsec client representing a connection and set of API implementations
+type Client struct {
+ *conn
+ SystemClient
+ KeyManagerClient
+}
+
+// KeyManagerClient is an interface to the key management facilities of Parsec
+type KeyManagerClient interface {
+ KeyGet(keyid types.KeyID) (Key, error)
+ KeyImport(k Key) error
+ KeyDelete(keyid types.KeyID) error
+ KeyList() ([]Key, error)
+}
+
+// SystemClient is an interface to the system calls of Parsec
+type SystemClient interface {
+ Version() string
+ Info() (types.Info, error)
+}
+
+// InitClient initializes a Parsec client
+func InitClient() (*Client, error) {
+ return nil, nil
+}
+
+func (c Client) KeyGet(keyid types.KeyID) (Key, error) {
+ return &key{}, nil
+}
diff --git a/client/conn.go b/client/conn.go
new file mode 100644
index 00000000..cf8170a4
--- /dev/null
+++ b/client/conn.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+ "io"
+ "sync"
+)
+
+type conn struct {
+ sync.Mutex
+ rwc *io.ReadWriteCloser
+ path string
+}
+
+func (conn *conn) close() error {
+ conn.Lock()
+ defer conn.Unlock()
+ if conn.rwc != nil {
+ rwc := *conn.rwc
+ rwc.Close()
+ }
+ conn.rwc = nil
+ return nil
+}
+
+func (conn *conn) open() error {
+ conn.Lock()
+ defer conn.Unlock()
+ // rwc, err := OpenParsec(conn.path)
+ // if err != nil {
+ // return err
+ // }
+ // conn.rwc = &rwc
+ return nil
+}
diff --git a/client/key.go b/client/key.go
new file mode 100644
index 00000000..5e612aac
--- /dev/null
+++ b/client/key.go
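Review bot: `InitClient` returns `nil, nil`, so any caller that only checks `err` (main.go in this same commit does exactly that) continues with a nil `*Client`, and the first call to `c.KeyGet` — a value-receiver method — panics on a nil-pointer dereference. A stub should fail closed rather than report success, e.g. `return nil, errors.New("parsec: client initialisation not implemented")` (with `errors` added to the imports). `KeyGet` has the same problem: it ignores `keyid` and hands back a `*key` whose `conn` is nil with a nil error, which makes an unimplemented lookup indistinguishable from a real one; returning an error there too keeps the placeholder from masquerading as a key handle. Note also that the concrete `KeyGet` shadows the method promoted from the embedded `KeyManagerClient` interface, so if that embedding is meant to carry the real implementation, this method becomes dead code.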
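Review bot: `close` discards the error from `rwc.Close()` and returns nil unconditionally, so a failed teardown of the transport to the key service is invisible to callers; the return value should carry it. The `rwc *io.ReadWriteCloser` field is also a pointer to an interface, which forces the extra dereference on every use — a plain `io.ReadWriteCloser` (nil when closed) is the idiomatic form, though that touches `open` as well. `open` currently returns nil while leaving `rwc` nil, so the same fail-closed concern as the rest of the stubs applies: return an explicit "not implemented" error until `OpenParsec` exists.
```go
func (conn *conn) close() error {
	conn.Lock()
	defer conn.Unlock()
	if conn.rwc == nil {
		return nil
	}
	err := (*conn.rwc).Close()
	conn.rwc = nil // drop the handle even if Close failed; it is not reusable
	return err
}
```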
@@ -0,0 +1,39 @@
+package client
+
+import (
+ "io"
+ "crypto"
+ "github.com/docker/parsec/types"
+)
+
+// Key defines an interface for any cryptographic key
+type Key interface {
+}
+
+// VerifyingKey defines an interface for a public key used to verify digital signatures
+type VerifyingKey interface {
+ Key
+ crypto.PublicKey
+ Verify(digest []byte, signature []byte) error
+}
+
+// SigningKey defines an interface for a private key used to generate digital signatures
+type SigningKey interface {
+ Key
+ crypto.Signer
+}
+
+// DecryptingKey defines an interface for a private key used to decrypt data
+type DecryptingKey interface {
+ Key
+ crypto.Decrypter
+}
+
+type key struct {
+ conn *conn
+ attributes types.KeyAttributes
+}
+
+func (key key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+ return nil, nil
+}
diff --git a/client/tls.go b/client/tls.go
new file mode 100644
index 00000000..cc0ef2f3
--- /dev/null
+++ b/client/tls.go
@@ -0,0 +1,21 @@
+package client
+
+import (
+ "errors"
+ "crypto/tls"
+ "encoding/pem"
+)
+
+// X509KeyPair returns a TLS certificate based on a PEM-encoded certificate and a parsec defined private key
+func X509KeyPair(certPEMBlock []byte, k Key) (*tls.Certificate, error) {
+ cert := &tls.Certificate{}
+ cert.PrivateKey = k
+ certDERBlock, _ := pem.Decode(certPEMBlock)
+ if certDERBlock == nil {
+ return nil, errors.New("Failed to read certificate")
+ }
+ if certDERBlock.Type == "CERTIFICATE" {
+ cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
+ }
+ return cert, nil
+}
diff --git a/main.go b/main.go
new file mode 100644
index 00000000..7943626d
--- /dev/null
+++ b/main.go
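Review bot: `key.Sign` returns `nil, nil`, i.e. an empty signature with a nil error, so anything that trusts the error (a TLS handshake, for instance) would proceed with a zero-length signature instead of failing; a signing stub must fail closed, `return nil, errors.New("parsec: Sign not implemented")`. Separately, `key` has no `Public()` method, so `*key` does not satisfy `crypto.Signer` (the type `tls.Certificate.PrivateKey` is checked against at handshake time); adding `var _ crypto.Signer = (*key)(nil)` next to the type would turn that into a compile error now rather than a runtime surprise. Because `Key` is an empty interface, nothing prevents an arbitrary value from being passed where a key handle is expected — consider giving it at least one method once the key model settles. The `rand` and `opts` parameters are unused in this stub; when the real implementation lands, `opts.HashFunc()` should presumably be checked against the key's attributes so a mismatched digest is rejected.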
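Review bot: `X509KeyPair` decodes only the first PEM block, so a leaf followed by intermediates loses the rest of the chain, and a bundle whose first block is not a `CERTIFICATE` (a bundled private key, for example) returns a `tls.Certificate` with an empty chain and a nil error. The standard `crypto/tls.X509KeyPair` walks every block, keeps the `CERTIFICATE` ones and fails if none were found; this helper should do the same. Since `Key` is an empty interface, it is also worth asserting up front that `k` implements `crypto.Signer` (or `crypto.Decrypter`, if RSA key exchange is in scope), so an unusable key is rejected here rather than deep inside a handshake — note that with `key` as it stands in this commit (no `Public()`), that assertion will fail, which is the point. The `crypto` package would need to be imported for the assertion, and the error string should be lowercase per Go convention.
```go
func X509KeyPair(certPEMBlock []byte, k Key) (*tls.Certificate, error) {
	signer, ok := k.(crypto.Signer)
	if !ok {
		return nil, errors.New("parsec: key does not implement crypto.Signer")
	}
	cert := &tls.Certificate{PrivateKey: signer}
	for {
		block, rest := pem.Decode(certPEMBlock)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			cert.Certificate = append(cert.Certificate, block.Bytes)
		}
		certPEMBlock = rest
	}
	if len(cert.Certificate) == 0 {
		return nil, errors.New("parsec: no CERTIFICATE block found in PEM input")
	}
	return cert, nil
}
```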
@@ -0,0 +1,28 @@
+package main
+
+import (
+ "log"
+ "crypto/tls"
+ "github.com/docker/parsec/client"
+)
+
+func main(){
+ c, err := client.InitClient()
+ if err != nil {
+ log.Println(err)
+ return
+ }
+
+ k, err := c.KeyGet("keyid1")
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ cert, err := client.X509KeyPair([]byte{}, k)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ config := &tls.Config{Certificates: []tls.Certificate{*cert}}
+ log.Println(config)
+}
diff --git a/types/types.go b/types/types.go
new file mode 100644
index 00000000..ae8a2b5c
--- /dev/null
+++ b/types/types.go
@@ -0,0 +1,15 @@
+package types
+
+import (
+)
+
+// Info defines all information related to Parsec server
+type Info struct {
+}
+
+// KeyAttributes defines all attributes that define a Key implementation
+type KeyAttributes struct {
+}
+
+// KeyID represents a key identifier
+type KeyID string
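Review bot: `main` treats a nil error from `client.InitClient` as proof of a usable client, but in this commit `InitClient` returns `nil, nil`, so `c.KeyGet("keyid1")` is invoked through a nil `*Client` and panics before any of the later error handling runs. The proper fix is for `InitClient` to return an error, but until it does a defensive `if err != nil || c == nil {` on the first check keeps the example from crashing. Passing `[]byte{}` to `X509KeyPair` guarantees the "Failed to read certificate" path, so the `tls.Config` is never actually built; if this is meant as a smoke test, load a real PEM file or drop the dead tail. `log.Println(config)` dumps the whole `tls.Config`, including the `PrivateKey` field of every certificate — harmless while the key is an opaque handle, but it is a habit that leaks material the moment a software key appears, so log something narrower. Minor: `func main(){` is not `gofmt`-clean.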
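Review bot: The empty `import (` / `)` block in types.go is noise that `goimports` would remove; drop it so the file is tool-clean. `KeyID` is a bare `string` with no documented shape, so callers can currently pass anything (the sample uses `"keyid1"`); a one-line comment on what a valid identifier looks like, or a constructor that validates it, would help once the server-side contract is known.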